Our evaluations allow our clients to make informed decisions about risk to their systems, and what security-relevant modifications may be necessary for a secure deployment.
Using our custom tools and unique expertise with static analysis, fuzzing and concolic testing, we serve as a knowledgeable, dedicated adversary to identify the vulnerabilities that otherwise go undetected.
Our assessments provide an estimate of overall security posture, and the difficulty of compromise from an external attacker. We identify design-level risks and implementation flaws that illustrate systemic risks. At the conclusion of every assessment, we provide recommendations on best practices that could improve resistance to attack, and educate in-house security teams on common and novel security flaws and testing techniques.
Where possible, we deliver application-specific security engineering tools that embody the results of our assessments.
We offer custom engineering for every stage of software creation, from initial planning to enhancing the security of completed works. We will understand your problems, tailor solutions to remediate the gaps we find, and execute where our expertise is required.
Where appropriate, we will leave behind analysis tools to help you ensure that future iterations of your software remain secure.
Our engineers have extensive experience developing tools that support program analysis and compiler augmentation. We excel at binary analysis tools, automated fuzzers and testing, symbolic and concrete execution, and binary lifting.
Over the course of engagements with a large number of prime contractors -including DARPA and the National Science Foundation- we have established a reputation for delivering solid code that works. For many of these programs, industry adoption determines success. To that end, we endeavor to open source and maintain the code, and document it on our blog, regularly exceeding our partners’ expectations.
We’ve worked with technologies ranging from symbolic execution to binary lifting to multicompilation, and related areas in software security. Thanks to our deep expertise, we avoid false paths, work quickly, and never waste our clients’ time.