We help our customers build and deploy safer, more secure and more reliable software by finding previously unknown (0-day) vulnerabilities in their applications, with or without access to source code. We present our findings in full reports that include technical details specific to each bug found and actionable advice for avoiding the vulnerable code paths.
In addition, we triage bugs supplied by customers, rating each one for security impact and exploitability. This lets development teams with limited resources prioritize fixes by the severity and security implications of each bug rather than by the order in which bugs were reported.
The classes of vulnerabilities we have experience with include:
- Memory corruption
- Privilege escalation
- Input sanitization and validation flaws
- Architectural flaws
- Confidentiality leaks (information disclosure)
- Data integrity corruption
- Denial of service (DoS)
- Man-in-the-middle
- Cryptographic flaws
- Protocol flaws
- File format parsing flaws
- Timing flaws
We have performed vulnerability analysis for large software companies on software with install bases in the hundreds of millions. Upon request, we can develop proof-of-concept exploits that demonstrate the impact an attacker could have on the customer's application if a vulnerability is left unfixed. Most importantly, we also provide our clients with concrete recommendations on how to fix the vulnerabilities found in their applications.