IoT / Embedded Security

Security by Design

In order to avoid possible weaknesses regarding security of the final product, we advise companies during the entire product life-cycle. From the early design phase till post market guidance. This way expensive security problems can be avoided in advance. We also provide advice and examine the security architecture and implemented security measures at an advanced stage of development.

Securing the whole product lifecycle

The safe use of a product must be planned and documented precisely. We provide assistance with product planning and installation. We optimise the system to minimize the attack surface. When adapting to new threats, we advise you on planning and implementing of secure update functions in order to provide your products with the necessary security at a later date.

Create awareness and visibility for security and to increase the value of security early in the project

A threat assessment is a systematic method for identifying, classifying, prioritizing, and assessing threats to your security. Additionally, appropriate security controls or measures are established. A continuous and iterative process assesses possible security threats for potential damage, ensuring that the resources available can be used to protect your security.

Secure Product Development

If you don’t want to leave the security and therefore the quality of your products to chance, you have to choose a proactive approach. Only by integrating security into the development processes and by an organization that knows how to deal with the topic professionally, can high-quality products that are in line with the market be created.

With the help of the IEC-62443-4-1 standard part, you can integrate security into software development to make your products sustainably secure. You will understand which methods and measures are useful for integrating security into your development processes and get to know useful tools for checking and improving product security.

  • IEC 62443-4-1 Introduction (Principles & Requirements)
  • Security Management (product classification, security organization, security training, integrity protection, protection of the development environment, selection of secure components)
  • Specification of security requirements
  • Secure by Design & Secure Implementation
  • Security Verification & Validation Testing
  • PSIRT & Security Update Management
  • Security Guidelines

Try not to become a man of success, but rather try to become a man of value.

Far far away, behind the word mountains, far from the countries Vokalia and Consonantia, there live the blind texts. Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden flows by their place and supplies it with the necessary regelialia. It is a paradisematic country, in which roasted parts of sentences fly into your mouth.

Even the all-powerful Pointing has no control about the blind texts it is an almost unorthographic life One day however a small line of blind text by the name of Lorem Ipsum decided to leave for the far World of Grammar. The Big Oxmox advised her not to do so, because there were thousands of bad Commas, wild Question Marks and devious Semikoli.

Security know-how conveyed in practical approach

We offer training in secure coding for entire software teams. Thus all developers are up to date with secure coding standards at the beginning of a new project. This avoids the typical vulnerabilities and increases code quality and consistent code structure.

Even the all-powerful Pointing has no control about the blind texts it is an almost unorthographic life One day however a small line of blind text by the name of Lorem Ipsum decided to leave for the far World of Grammar. The Big Oxmox advised her not to do so, because there were thousands of bad Commas, wild Question Marks and devious Semikoli.

Wireless Security Audit

The use of wireless technologies allows hackers to target a device from a distance with no need for actual physical contact. A wireless security audit systematically checks the wireless interface of a product. We use advanced Software Defined Radio (SDR) technologies to cover the broadest possible radio spectrum. Weak spots, such as relay or replay attacks are clearly and intelligibly assessed.The report also provides you with eligible countermeasures.

Embedded Systems Security

A threat assessment is a systematic method for identifying, classifying, prioritizing, and assessing threats to your security. Additionally, appropriate security controls or measures are established. A continuous and iterative process assesses possible security threats for potential damage, ensuring that the resources available can be used to protect your security.

Product Security Incident Response Team Consulting

Professionelle und angemessene Behandlung von Produktschwachstellen.

Beim Thema Sicherheitsschwachstellen in eigenen Produkten entscheidet sehr oft der professionelle und angemessene Umgang ob aus einem potentiellen Thema ein Problem oder sogar ein PR-Desaster für das Unternehmen wird. Möchte ein Sicherheitsforscher eine Produktschwachstelle melden, wäre die richtige Stelle für Security-Meldungen ein sogenanntes Product Security Incident Response Team, kurz PSIRT.

Die Hauptfunktion eines PSIRTs ist, als qualifizierte Stelle für die Meldung von Sicherheitsschwachstellen in Produkten, Lösungen und Services des jeweiligen Unternehmens zu fungieren, und deren ordnungsgemäße Behandlung sicherzustellen.

  • Beratung zu Aufbau und Etablierung von Product Security Incident Response Teams
  • Entwicklung von Templates für typische PSIRT-Vorgänge
  • Evaluierung, Coaching und Verbesserung bestehender PSIRT-Teams
  • Fire Drill Übungen für Product Security Incident Response Teams