MDsec

Product Assessment

Typical Considerations

Network Service Exploitation
Client-Side Validation Bypass
Design Flaws
Coding Flaws

Overview

Many companies will have numerous agents and services listening on their network. These are typically set up on trust by the vendor or solutions provider, with the available security configurations selected as seems most appropriate. But this underscores a bigger question:

Do you trust the product to function according to its stated configuration?

The nature of research-oriented technical security is never to take any manufacturer’s claims on trust. Many products can compromised simply by sending the right unauthenticated string to a listening service, replacing a key file or pulling an encryption key from memory. Is the product robust, or is it playing dice in becoming a potential statistic on osvdb.org or exploit-db.com?

Key Components

MDSec Technical Services

Overview
Web Application Assessment
Code Review
Product Assessment
Reverse Engineering
Mobile Security Assessment
Infrastructure Assessment
Database Security Assessment
Unix Build review
Windows Build review

MDSec High-level Services

3rd Party / M&A Assessment