The list below showcases some of the projects we've done for our customers and demonstrates the breadth of our expertise.
|
1. Security Analysis of Mozilla Persona
Target of Analysis: Mozilla Persona
Description: Mozilla hired our security team for performing a thorough security analysis of Mozilla Persona, a unique global authentication system whose goal is nothing less than "to eliminate passwords on the Web."
Mission: To find vulnerabilities in design or multi-platform implementation of Mozilla Persona.
Technologies Used: Node.js, PHP, Python, JavaScript, digital certificates and public-key crypto
|
|
2. Security Analysis of a virtualization product
Target of Analysis: Virtualization product
Description: A leading virtualization vendor hired our security team for a thorough security analysis of one of their virtualization products with several new features, vulnerabilities in which could affect millions of world-wide users.
Mission: To find vulnerabilities in any component or feature of the product, either for obtaining unauthorized access, elevate privileges, remotely execute arbitrary code, or cause a denial of service.
Technologies Used: Node.js, Apache Tomcat, RDP, PCoIP, HTML 5, (proprietary technology)
|
|
3. Security Analysis of an Online Banking System
Target of Analysis: Online Banking System
Description: A major bank provides both PC-based and mobile online banking to their customers. User authentication is implemented with a "secure pin entry" one-time-password solution, and additional "3 out of 10 characters" password authentication is required for critical/suspect transactions and profile changes. Users can transfer funds from their accounts (e.g., pay bills), move money between their own accounts, buy or sell currencies, make deposits, apply for loans, view transaction history, view credit card activity etc. PC users access the online banking system through a web site, while mobile users install a mobile application, available for iOS (iPhone, iPod, iPad), Android and Java phones.
Mission: To find vulnerabilities in the server application as well as in mobile applications. Assuming an external attacker who may be completely anonymous or another banking user, find ways to make unauthorized funds transfers from other users' accounts, view their financial/personal data, break into their mobile device (through the banking app), or cause a denial of service for either selected users or all of them.
Technologies Used: JBoss web server, Java, "secure pin entry" readers, mobile devices (iOS, Android, Java), Web services
|
|
4. Penetration Test of a National Power Supply Agency
Target of "Attack": National Power Grid
Description: A national power supply agency hired us to execute an "Advanced Persistent Threat" attack simulation against their computer network and obtain control over the power grid.
Mission: To obtain control over the national power grid using any means within agreed-upon limitations. The level of control must provide us (a simulated attacker) with ability to shut down parts of the power grid and cause long-term damage to the grid, resulting in significant nation-wide power outages or - due to a domino effect - even wider.
Technologies Used: SCADA, Cisco firewalls, CheckPoint firewalls, ABB control software
|
|
5. Security Analysis of a Cloud "Platform as a Service"
Target of Analysis: User-facing console of a "Platform as a service" solution
Description: Our customer provides a "Platform as a service" solution to thousands of worldwide users, allowing them to easily deploy database-supported web applications to a cloud and manage these applications remotely via a web interface or API calls.
Mission: To find vulnerabilities allowing attacker to obtain access to users' applications or data in their databases; to cause denial of service for individual or all deployed applications.
Technologies Used: AJAX, JSON, OpenID, single sign-on
|
|
6. Security Analysis of Anyperk
Target of Analysis: Anyperk.com
Description: Anyperk, the leading US one-stop shop for employee perks, has entrusted ACROS with a thorough security review of their code.
Mission: To find vulnerabilities that could compromise user data, payment processes or Anyperk brand
Technologies Used: Ruby on Rails
|
|
7. Security Analysis of an Online E-Health System
Target of Analysis: National E-Health System
Description: A newly developed E-Health system allows medical institutions across the country to access (and partially modify) information about patients' insurance, prescriptions, medical-technical aids, health status, pregnancy status etc. The authentication is two-factor with digital certificates: Each doctor has a "professional" smart card and each patient has a "personal" health smart card. Patient's data is only accessible if both professional and personal smart card are used in the authentication with the server.
Mission: To find vulnerabilities in the system assuming an external attacker (potentially but not necessarily possessing a professional and/or personal smart card) allowing unauthorized access to data, untraceable access to data, unauthorized modification of data and denial of service. Attacks against doctors' computers are also in scope.
Technologies Used: Smart cards, smart card readers, smart card drivers, personal digital certificates, SOAP, XML digital signatures, SSL accelerators/concentrators, Cisco XML firewalls, IBM WebSphere server, Java
|
|
8. Penetration Test of a Bank Information System
Target of "Attack": Leading National Bank
Description: A leading national bank hired us to execute an "Advanced Persistent Threat" attack simulation against their information system and achieve a number of catastrophic mission objectives.
Mission: To transfer funds from specified bank account to another specified bank account without having authorized access to the former; to obtain administrative access to bank's central database; to obtain confidential documents from bank executives' laptops; to obtain administrative control over bank's internal computer network; to obtain control over bank's ATM network.
Technologies Used: IBM DB2, CICS, Web services, Cisco network equipment, IIS, ASP.NET
|
|
9. Security Analysis of a Business Social Network
Target of Analysis: Business Social Network
Description: A business social network allows employees to communicate and collaborate with their peers inside an organization, sharing data, news and files.
Mission: To find vulnerabilities in specific areas of the product, including authentication, authorization and API.
Technologies Used: (undisclosed)
|
|
10. Security Analysis of a Single Sign-On Solution
Target of Analysis: Single Sign-On Solution
Description: A Windows-based client-server solution for single sign-on (SSO), providing SSO capabilities for Windows login, Windows applications (e.g., Microsoft Outlook, Remote Desktop client) and web sites, whereby user's credentials are stored on the SSO server, encrypted with user's key on his Java card, and automatically entered in login forms where the client ("agent") positively detects them.
Mission: To find vulnerabilities allowing bypassing smart card requirement for Windows login, obtaining user's credentials (e.g., having user's Java card but not the PIN, running low-privileged code on user's computer, running a malicious web site, or being the SSO server administrator), extracting user's PIN or master key from the Java card.
Technologies Used: Web browser add-ons/plug-ins for Internet Explorer and Mozilla Firefox, Java card, encryption
|
|
11. Security Analysis of a Multi-Function Device
Target of Analysis: Multi-Function Device (heavy-duty printer/fax/scanner for enterprise use)
Description: A professional commercial Multi-Function Device by a large global vendor is being deployed to a high-risk environment where confidential documents are being printed, scanned and faxed over private leased phone lines. The customer is worried about the device leaking information, allowing unauthorized access to documents or allowing attackers to break into their network through the device.
Mission: To find vulnerabilities allowing unauthorized access to confidential data or providing remote access to the network through the device; to configure the device so as to reach maximum hardening against local or remote attacks.
Technologies Used: Embedded Linux, printing and faxing protocols, hard disk secure wiping, firmware updates (with digital signatures)
|
|
12. Security Analysis of a Web Browser Synchronized Credentials Storage
Target of Analysis: A client-server solution for synchronized storage of web browser credentials
Description: : A web browser add-on encrypts user's web site credentials, settings and bookmarks, encrypts them and stores them on an Internet server. The same add-on on user's another web browser can later download and decrypt these data and afterwards, this data is automatically being synchronized between two or more user's browsers.
Mission: To find vulnerabilities allowing a malicious web site or a rogue server administrator unauthorized access to user's stored data (in cleartext); or to break into user's computer through the add-on; or cause denial of service for individual or all users.
Technologies Used: Various encryption algorithms, JavaScript
|
|
13. Security Analysis of a Mobile SMS Authentication Solution
Target of Analysis: Authentication Solution Based on SMS Text Messages
Description: Our customer developed a system for performing SMS-based authentication: when a web site (potentially an internal one) requires authentication, the server sends an SMS (Text) message with a random PIN to user's registered mobile phone number. The user must then type this PIN to the login form to prove that he has access to the registered mobile phone.
Mission: To find vulnerabilities allowing attacker to bypass authentication (i.e., authenticate to a protected web site without possessing user's registered mobile phone) or to obtain the random PIN without having access to user's mobile phone.
Technologies Used: GSM/SMS, LDAP, Microsoft IIS, Apache web server, SSL
|
|
14. Security Analysis of a Web Server Authentication Agent
Target of Analysis: Authentication Agent for Protection of Resources on a Web Server
Description: A web "agent" intercepting requests to a web server and making sure to only allow access to users who have previously successfully authenticated to the main authentication server. The authentication token ("proof") is carried over in a cookie or in a URL argument and includes server's digital signature to allow the agent to verify the authentication and its expiration without having to contact the server.
Mission: To find vulnerabilities allowing attacker to access web server resources without prior authentication, or with an expired authentication token; to find ways to obtain the authentication token through a malicious web site; to find ways to execute arbitrary code on the server through vulnerabilities in the agent.
Technologies Used: Microsoft IIS, Apache web server, digital signatures, SSL
|
|
15. Security Analysis of an Application Interpreter for Mobile Phones
Target of Analysis: Application Interpreter for Mobile Phones
Description: An interpreter for mobile applications written in a proprietary language, allowing users to run applications (games, productivity applications, business applications) on their mobile phones. The applications run in their own sandboxes and may only access user's data in accordance to their (user-confirmed) profiles.
Mission: To find vulnerabilities allowing a malicious application to escape from its sandbox and access user's data or install additional malicious code on user's device (possibly initiating phone calls to expensive foreign numbers or sending text messages on user's behalf); to find ways for a malicious web site to inject its own code into a non-malicious application and exploit the access this application already has to user's data.
Technologies Used: (proprietary technology), mobile phones
|
|
16. Security Analysis of an Online Market Place
Target of Analysis: Online market place web site with several million users
Description: A large market place web site allows its millions of users to buy and sell their items online, whereby they can present their products with images and rich content. Various payment methods are supported, such as credit cards, wired transfer and PayPal; the site also provides escrow payment to minimize the risk of malicious buyers or sellers defrauding other users.
Mission: To find vulnerabilities allowing an attacker to obtain access to legitimate users' identities; to avoid protection provided by escrow payment; to redirect payments to attacker's account; to attack users through a malicious presentation of attacker's item (e.g., cross-site scripting).
Technologies Used: Flash, JavaScript
|
|
17. Security Analysis of a Rich Application Platform
Target of Analysis: Rich Application Platform
Description: : Our customer developed a rich Internet application (RIA) platform, allowing developers to create media-rich interactive applications for multiple environments (PC, MAC, mobile devices). The platform executes applications in a sandbox that prevents malicious content (read by applications from untrusted sources) from accessing data on user's computer/device or executing malicious code.
Mission: To find vulnerabilities allowing malicious content to execute code within the application (attacking the data handled by this application); to escape from the sandbox and either access data on user's computer or device, or launch malicious code with user's privileges.
Technologies Used: WebKit, Security-Enhanced Linux, JavaScript, (proprietary technology)
|
|
18. Security Analysis of Clever
Target of Analysis: Clever.com
Description: Clever hired our security team for performing a thorough security analysis of their system. Clever, used by 89 of the top 100 US school districts, keeps educational applications rostered and up-to-date.
Mission: To find vulnerabilities in design or implementation of Clever's web applications and APIs, authentication system and integration.
Technologies Used: Node.js, CoffeeScript, OAuth
|
|
|
. Customer Quotes
. Acknowledgments & Awards
|