Cybersecurity evaluations & certification for product vendors
Product vendors are looking for ways to guarantee cybersecurity resilience to customers. Our experts can help to identify the certification solution that best fits your case. When certification is not an option, Applus+ can carry out an ad-hoc security evaluation taking your risk assessment and mitigation needs into account.
Applus+ also integrates our security assessments into your team’s Continuous Integration system, providing up-to-date security assessments for each new release.
Assess the cybersecurity of your IT infrastructure
When implementing a product or system in your IT infrastructure, you want to guarantee the cybersecurity resilience of the solution you deploy. Applus+ conducts black-box and white-box penetration testing on a wide range of products and systems, providing valuable insights about the level of resilience of the product.
Applus+ also provides tools to keep test results up-to-date even for products that are updated frequently.
Black-box: Our engineers take the final product and the customer’s concerns and start from there. We develop a security threat model and run a custom penetration test campaign and analysis. With the results of this analysis, we deliver a report on the resilience of the product against state-of-the-art attack techniques. This approach aims to provide a real world simulation of what the product may face once reaches the market.
White-box: In addition to the black-box testing approach, our engineers closely cooperate with the product vendor to gain more in-depth knowledge of the product’s internals. This approach is aimed at providing guarantees of design and implementation and is considered more exhaustive and complete.
Source Code Review: Our experts conduct code audits in cooperation with the vendor’s engineers to identify implementation failures. This approach is aimed at reducing the vulnerabilities before reaching the prototype phase of the product. Note: Because we are accredited as a third party laboratory by several evaluation and certification schemes, Applus+ engineers are never involved in actual product development or solutions implementation.
Our areas of expertise
Applus+ offers Cybersecurity evaluation services for:
Note: Because Applus+ Laboratories is accredited as a third party laboratory by several evaluation and certification schemes, and in order to guarantee its impartiality, Applus+ engineers are never involved in actual product development or solutions implementation.