Security Risk Advisors

"White box" Product Testing

We specialize in end-to-end security assessment for commercial products.  This type of engagement uses architecture review, workflow and dataflow analysis, understanding of open standards, penetration testing and code review to identify custom weaknesses in complex applications.

Our approach typically answers the following scenarios and questions:

  1. Our new product is custom-built and will provide critical services to our customers over the Internet – have we addressed our most pressing risks?
  2. We are interested in buying an off-the-shelf solution that will provide critical functionality for our business process – can we trust that the product protects our sensitive data as advertised?

Our approach to these assessments is collaborative.  Where we find significant issues, we have a history of working with software vendors and development teams towards successful fixes.