LRQA Nettitude has a dedicated and focused team of vulnerability researchers that work with our partners to identify security vulnerabilities in hardware and software devices.
We regularly identify vulnerabilities in applications, embedded devices and IOT technology. We have identified many unique zero-day vulnerabilities in a range of technology applications and platforms, and our team of researchers have been assigned many unique CVE numbers for their work. We work proactively with our clients to deliver focused research on a range of applications and systems with areas of speciality that include.
- Web applications
- Mobile application
- Embedded technology and IoT
- Connected vehicles
- ICS and SCADA environments
- Personal security products
- Blockchain, cryptocurrency
Our team consists of experienced professionals with deep understanding of fuzzing, reverse engineering and cryptography. Whether it is as a point in time activity, or as part of an ongoing security program, LRQA Nettitude’s security researchers are able to help.
Vulnerability research methodology:
Are there any security weaknesses within your product?
1. Vulnerability Research
Proactively test and research weaknesses within the product from a white box perspective.
- Fuzzing and Reverse Engineering
- Network & Protocol Analysis
- Web Applications, API’s and Mobile Apps
- Hardware Analysis
2. Exploit Development
Develop usable exploit code targeting found vulnerabilities.
Our internal program is focused around 6 core areas:
- Virtualisation and endpoint security products
- ATMs and financial payment products
- Hardware Products (Firewalls, Routers, etc)
- Internet of Things (IoT) inc phones, TV’s, home connected devices, etc
- Vehicles and transport systems (inc cars, etc)
- Web applications, APIs and mobile apps
LRQA Nettitude have also created many in house tools, including implant malware/C2 frameworks for simulating sophisticated attacks in financial organisations and custom data loss intelligence tools. LRQA Nettitude break vulnerability research into a number of further steps as shown below:
1. Vulnerability Research:
- Fuzzing, reverse engineering and in-depth security assessment
- Monitoring and debugging
- Cryptography research
- Hardware teardown
- Web applications
2. Recommendations & Reporting:
- Management report, debrief and recommendations around best practice.
- Technical reports, vulnerability disclosure, debriefs and recommendations.
For any vulnerabilities found, exploit code will be created to both demonstrate the vulnerabilities found and show the potential impact.
Get a free quote