Informar de un incidente

Select Page

 VULNERABILITY RESEARCH

LRQA Nettitude has a dedicated and focused team of vulnerability researchers that work with our partners to identify security vulnerabilities in hardware and software devices.

We regularly identify vulnerabilities in applications, embedded devices and IOT technology. We have identified many unique zero-day vulnerabilities in a range of technology applications and platforms, and our team of researchers have been assigned many unique CVE numbers for their work. We work proactively with our clients to deliver focused research on a range of applications and systems with areas of speciality that include.

  • Web applications
  • Mobile application
  • Embedded technology and IoT
  • Connected vehicles
  • ICS and SCADA environments
  • Personal security products
  • Blockchain, cryptocurrency

Our team consists of experienced professionals with deep understanding of fuzzing, reverse engineering and cryptography. Whether it is as a point in time activity, or as part of an ongoing security program, LRQA Nettitude’s security researchers are able to help.

General Enquiry.

Vulnerability research methodology:

Are there any security weaknesses within your product?

1. Vulnerability Research

Proactively test and research weaknesses within the product from a white box perspective.

  1. Fuzzing and Reverse Engineering
  2. Network & Protocol Analysis
  3. Cryptography
  4. Web Applications, API’s and Mobile Apps
  5. Hardware Analysis

2. Exploit Development

Develop usable exploit code targeting found vulnerabilities.

Internal Program

Our internal program is focused around 6 core areas:

  1. Virtualisation and endpoint security products
  2. ATMs and financial payment products
  3. Hardware Products (Firewalls, Routers, etc)
  4. Internet of Things (IoT) inc phones, TV’s, home connected devices, etc
  5. Vehicles and transport systems (inc cars, etc)
  6. Web applications, APIs and mobile apps

LRQA Nettitude have also created many in house tools, including implant malware/C2 frameworks for simulating sophisticated attacks in financial organisations and custom data loss intelligence tools. LRQA Nettitude break vulnerability research into a number of further steps as shown below:

1. Vulnerability Research:

  • Fuzzing, reverse engineering and in-depth security assessment
  • Monitoring and debugging
  • Cryptography research
  • Hardware teardown
  • Web applications
  • Mobiles/API’s

2. Recommendations & Reporting:

  •  Management report, debrief and recommendations around best practice.
  • Technical reports, vulnerability disclosure, debriefs and recommendations.

For any vulnerabilities found, exploit code will be created to both demonstrate the vulnerabilities found and show the potential impact.

Frequently Asked Questions about Data Privacy Security

What is an incident response policy?

An Incident response plan or policy is a process you create before you experience a cyberattack. This is so that your team has a procedure to follow when you do experience a data breach. LRQA Nettitude follows the CREST Cybersecurity Incident Response process which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.

Why is data privacy security important?

Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.

Does LRQA Nettitude practice sustainability?

As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.

Get in touch via the form below and get a free quote from us for our Red Team Security Testing services.

General Enquiry