Software Security Testing and Certification
Software Quality Assurance, Fuzzing and the Discovery of Buffer Overflows. Hackers break into applications by addressing normal access points in ways that developers didn't intend or foresee. A very common method of forcing entry is the buffer overflow. The tools hackers use most often to discover buffer overflow weaknesses are fuzzers.
beSTORM represents a new approach to security auditing. This new approach is sometimes called "fuzzing" or "fuzz testing" and can be used for securing in-house software applications and devices, as well as testing the applications and devices of external vendors.
Reliably certify any networked hardware or software for compliance with industry RFCs, while checking it for known and unknown security weaknesses.
Link: beSTORM - Certification
Black box fuzz testing is a requirement of the Verification phase of the SDL, the industry-leading software security assurance process that was created by Microsoft and proven effective since 2004.
Given diligent application of required security activities in the Design and Implementation phases, fuzzing done at the Verification phase confirms that attack surface reduction and threat modeling were complete and that resulting code was well written from a security standpoint. We recommend that beSTORM is used for this.
Link: beSTORM and the SDL
Dynamic Aviation Software Testing. Software for aircraft systems, from navigation to the entertainment system, must be proven to be free of unwanted reactions to every possible input, whether predicted by the designers or not. Safe operation of an aircraft depends on every component continuing to operate not only when it receives expected data but also when the unexpected happens. Given the diverse range of protocols that can be used and learned by beSTORM, we highly recommend that it is used for these tests.
The Internet of Things (IoT) encompasses any and all products that are connected to the internet or to each other. Any product that requires connection to a home, car or office network to deliver its complete set of features falls under this broad term. In fact, cars themselves are now a component of the IoT, as they exchange data with the manufacturer routinely, if not continuously. beSTORM is the solution we recommend for testing the Internet of Things.
Energy, water, healthcare, transport, communication and food are some examples of critical services essential for the functioning of any nation. Non-availability or even limited non-performance of these critical infrastructures quickly results in disturbance and distress. Hacking of these systems has surpassed physical attacks as the most serious security issue facing network operators and governments. We recommend using beSTORM when searching for those vulnerabilities; it tests for any and every combination and the slightest of anomalies.
Medical devices, fully self-sufficient appliances in their own right, aim to revolutionize the healthcare industry. They educate and empower patients to keep a check on their health, help doctors and patients detect disease(s), assist in medical processes, let patients control and manage their health, and make personal fitness more exciting. Before letting your application or device go live, we recommend that you test and certify it with beSTORM.