With an ever-increasing range of connected devices and services in our homes, cities and in industrial and infrastructure settings, cybersecurity has never been so important. From payment systems to IoT and connected vehicles, our team of experts is experienced in providing evaluation, testing and certification services to help ensure that devices work together with robust security. 

Experts in cybersecurity for embedded systems 

 
Component Cybersecurity Evaluation

Components

Component Cybersecurity Evaluation

Devices

  • TCU & ECU
  • Secure Boxes (HSM, PoS, Smart Meters)
  • Mobile Handsets and Apps
  • Network Appliances
  • Industrial Control Systems (ICS)
Component Cybersecurity Evaluation

Systems

 

Evaluation Approach

Applus+ is a security laboratory accredited to carry out a wide range of security evaluations for security, payment and identification schemes. We also provide cybersecurity assessment and training services to help our customers identify their needs from the very beginning of product development.

Independent Security Evaluations

Black Box

The cybersecurity experts team has no knowledge or access to internal information about the target of evaluation.

Grey Box

The cybersecurity experts team has partial information about the target of evaluation.

White Box

The cybersecurity experts team has all the internal information about the target of evaluation.

Code Review

The cybersecurity experts team audit the source to verify that the proper security controls are present and that they work as intended. Code review is a way of ensuring that the application has been developed so as to be “self-defending” in its given environment.

Evaluation for a Certification Scheme

We are an accredited laboratory to conduct security evaluations under the following certification schemes:

 

Penetration Testing Techniques

Applus+ has many years of experience doing security evaluations and carrying out penetration tests on all kind of TOEs. Penetration testing gives the perfect simulation of a real attack where the cybersecurity experts team try to infringe the security of the assets and check the vulnerabilities of the product.
 
Component Cybersecurity Evaluation

On Hardware

State-of-the-art attacks and ad-hoc tools made by lab experts:
  • Fault Injection
  • Side Channel
  • Reverse Engineering
  • Design Review
  • Logical Attacks
  • IC/SoC Attacks
  • PCB HW Hacking
  • Biometrics Attacks
Component Cybersecurity Evaluation

On Software & Firmware

Strong background in embedded systems, secure boot, TEE and white box crypto:
  • Binary Reverse Engineering
  • Static Attacks
  • Source Code Audits
  • Debugging
  • Fuzzing
  • Dynamic Tamper / Hooking
  • SW Timing Analysis & CCA
  • Symbolic Execution
Component Cybersecurity Evaluation

On Communication Protocols

For IP stack protocols, industrial systems and proprietary protocols:
  • All layer attack (OSI Model) including customised HW to stimulate at lower layers (wired & wireless protocols)
  • Fuzzing
  • Dynamic Tamper / Hooking
 
Note: Because Applus+ Laboratories is accredited as a third party laboratory by several evaluation and certification schemes, and in order to guarantee its impartiality, Applus+ engineers are never involved in actual product development or solutions implementation. Our independent evaluations not accredited and its aim is to provide evaluation results to vendors who are seeking to understand the level of security of their products, despite no certificacion scheme is available yet.