Services

Digit Security offer a wealth of security-related services to clients of all sizes, big and small (but by no means less important). We are constantly devising new ways for our company to help both our existing and prospective clients, whether with new innovative services, re-hashings of old ones, or good old "value-add".

Security Training Services

The needs and requirements of industry are constantly changing, and the survival of a company often depends on the ability of its employees to adapt to those changes and gain the right skills to keep your products at the cutting edge. The requirement to implement secure design, secure code and secure infrastructures has been monotonically increasing with little or no sign of abating.

Digit Security consultants are not only experts in applying their respective knowledge in providing services to clients; they are, for the most part, equally adept at teaching others how to do the same for themselves.

Software Security Services

The security of a system is critically dependent on the security of the software running on that system. Providing assurances as to the security of that software has always proved difficult, and in the general case impossible. However, while techniques do not exist to provide a guarantee, it certainly is possible to limit the risks posed, effectively plugging the gap.

Digit Security consultants have a long history of pro bono code review and reverse engineering of a wide range of software of varying complexity, ranging from local *NIX system binaries (CVE-2007-6276) to network services (CVE-2009-0849) to operating system kernels (CVE-2007-4571, CVE-2008-1517, CVE-2009-1041). To learn more, see research.

In brief, key areas of our software security testing and assessment expertise include the following:

  • Code Review: according to The Open Web Application Security Project (OWASP), "Code review is, without a doubt, the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort."
  • Reverse Engineering: if the source code of the program is unavailable for review, what do you do then? Reverse engineering is the "process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation". In the security sphere, reverse engineering is often limited to the discovery of software vulnerabilities and as such is often a necessary phase of the application security verification effort.