At a Glance: Certus Cybersecurity was engaged by one of the largest companies in the world by market capitalization to provide product security services to Client on a long-term basis.
Services Provided: Certus Cybersecurity was engaged to provide product security services in support of a leading technology company with global visibility. Certus Cybersecurity's support includes software security testing, code review, and architectural risk analysis support services. This long term and wide ranging engagement includes penetration testing of various web application end points, Android devices and applications, IoT devices, Bluetooth Low Energy and other security testing services. Certus Cybersecurity performs security code reviews for code mostly written in Java and C along other languages and assists with architecture design reviews and threat modeling.
Results:
• Identification of mulitple critical and high severity vulnerabilities impacting client assets. Our penetration testing findings included identification of an issue in the backend APIs that handle
certificates used to encrypt payment.
• Identification through penetration testing of numerous high and medium severity vulnerabilities in the MQTT workflow that subscribe various payment related topics.
• Effectively mitigated a mutual TLS certificate issue through partnership with the Client’s development
team.
• Leveraged architectural risk analysis, to identify architectural flaws in the way file-based encryption was implemented on a proprietary device.
We provide software security services, including penetration testing, secure code review, and threat modeling.
Read more
We help organizations improve their cloud security posture and align to security best practice by identifying weak or missing security controls and misconfigurations.
Read more
We secure hardware technologies through services such as threat modeling, secure code review, and penetration testing.
Read more
We have specialized expertise to uncover cryptographic vulnerabilities and maintain the confidentiality, integrity, and authenticity of sensitive information.
Read more
We provide attorneys with highly effective consulting and expert testimony in litigation matters involving cybersecurity. Our consultants use their technical expertise and communication skills to bring clarity to complex cybersecurity issues.
Read more
Ready to get started?
Book a free consultation today, and we’ll write you back within 24 hours.