Digit Security offer a wealth of security related services to clients of all sizes, big and small (but by no means less important). We are constantly working on devising new ways for our company to help both our existing and prospective clients, either with new innovative services, re-hashings of old ones, or good old "value-add".

Security Training Services

The needs and requirements of industry are constantly changing, the survival of a company often depends on the ability of its employees to adapt to those changes and gain the right skills to your products at the cutting edge. The requirement to implement secure design, secure code and secure infrastructures has been monotonically increasing with little or no signs of abating.

Digit Security consultants are not only experts in applying their respective knowledge in providing services to clients, they are, for the most part, equally adept at teaching others how to do the same for themselves.

Software Security Services

The security of a system is critically dependant on the security of the software running on that system. Providing assurances as to the security of that software has always proved difficult, and in the general case impossible. However, while techniques do not exist to provide a guarantee, it certainly is possible to limit the risks posed, effectively plugging the gap.

Digit Security consultants have a long history of pro bono code review and reverse engineering of a wide range of software of varying complexity, ranging from local *NIX system binaries (CVE-2007-6276) to network services (CVE-2009-0849) to Operating System kernels (CVE-2007-4571, CVE-2008-1517, CVE-2009-1041). To learn more, see research.

In brief, key areas of our software security testing and assessment expertise include the following,

  • Code Review, according to The Open Web Application Security Project (OWASP), "Code review is, with a doubt, the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort."
  • Reverse Engineering, if the source code of the program is unavailable for review, what do you do then? reverse engineering is the "process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation". In the security sphere, reverse engineering is often limited to the discovery of software vulnerabilities and as such is often a necessary phase of the application security verification effort.
Research - Latest 3 Releases