Know your Software Risk
– Nohau helps to identify security risk of the device and detect vulnerabilities early avoiding expensive consequences from attacks.
Cyber attacks on critical infrastructure are on the increase and are a growing concern for both system operators and the device manufacturers who supply equipment to these systems. Attacks on critical infrastructure can severely impact service uptime, data integrity, compliance and even public safety.
Nohau’s Code Security Analysis service identifies a security risk level existing in embedded software of a device and allows fixing security issues proactively. We offer a service that reveals quickly vulnerabilities in code and software architectural level with a focus on attacker-accessible interfaces. Based on research even 75% of cyber attacks are targeted to application level and utilizes defects in code level. We utilize commonly used security coding standards and report any violation against the rules. The service can be extended by consultative code review and fixing of issues.
- Provides evidence for further analysis
Supplies direction for areas of greatest concern and justifies budget for further analysis
- Enhances product security
Focuses on addressing most critical weaknesses and reduces need for product recalls
- Protects brand reputation
Reduces the possibility of public vulnerability disclosures
- Consulting work 3-5 days depending on Project scope
- An analysis of one device and one firmware/software
- Tool licenses for consulting time
- Report describing the risk status and list of issues found
- Executive summary
- Brief description of assessment
- Any identified vulnerabilities, areas of weakness and areas of concern. Listing line level information of issues found
- Scope for full assessment (as appropriate)
Unlike assessment services from other vendors, our service features work conducted by embedded software domain expert with the most advanced tools. All Nohau assessments are based on technical expertise developed over many years in code analysis and security for embedded systems and related tools.
The Security Code Analysis may also include or be extended by:
- Security Architecture Review
- Communications Robustness Check