With an ever-increasing range of connected devices and services in our homes, cities and in industrial and infrastructure settings, cybersecurity has never been so important. From payment systems to IoT and connected vehicles, our team of experts is experienced in providing evaluation, testing and certification services to help ensure that devices work together with robust security.
Applus+ is a security laboratory accredited to carry out a wide range of security evaluations for security, payment and identification schemes. We also provide cybersecurity assessment and training services to help our customers identify their needs from the very beginning of product development.
Independent Security Evaluations
The cybersecurity experts team has no knowledge or access to internal information about the target of evaluation.
The cybersecurity experts team has partial information about the target of evaluation.
The cybersecurity experts team has all the internal information about the target of evaluation.
The cybersecurity experts team audit the source to verify that the proper security controls are present and that they work as intended. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment.
Evaluation for a Certification Scheme
We are an accredited laboratory to conduct security evaluations under the following certification schemes:
Applus+ has many years of experience doing security evaluations and carrying out penetration tests on all kind of TOEs. Penetration testing gives the perfect simulation of a real attack where the cybersecurity experts team try to infringe the security of the assets and check the vulnerabilities of the product.
State-of-the-art attacks and ad-hoc tools made by lab experts:
PCB HW Hacking
On Software & Firmware
Strong background in embedded systems, secure boot, TEE and white box crypto:
Binary Reverse Engineering
Source Code Audits
Dynamic Tamper / Hooking
SW Timing Analysis & CCA
On Communication Protocols
For IP stack protocols, industrial systems and proprietary protocols:
All layer attack (OSI Model) including customised HW to stimulate at lower layers (wired & wireless protocols)
Dynamic Tamper / Hooking
Note: Because Applus+ Laboratories is accredited as a third party laboratory by several evaluation and certification schemes, and in order to guarantee its impartiality, Applus+ engineers are never involved in actual product development or solutions implementation. Our independent evaluations are not accredited and their aim is to provide evaluation results to vendors who are seeking to understand the level of security of their products, despite no certificacion scheme is available yet.