Context consultants also conduct comprehensive product security evaluation exercises. These may cover hardware and software products of all types, including, for example, firewalls, telecoms equipment, anti-malware technologies used in the banking sector, voice biometric systems and a range of mobile and wireless devices and technologies.
Product evaluations may be conducted for clients seeking to ascertain whether a specific product is well-suited to a particular task; or may be commissioned by technology manufacturers or software vendors who want to test their own products.
Clearly, every product is different, so one element of the value we can add is an ability to determine the types of tests and analysis that will produce the most accurate and useful evaluation.
But beyond this, common checks include assessment of the permissions and rights for file system and registry entries, assessing what sort of information unauthorised users are able to access; and discovering the minimum time required to crack an example password created in accordance with password policy.
In cases where our research has uncovered vulnerabilities associated with widely used products we have sometimes sought to share some findings via our blog and have helped technology providers to address the issues we have identified. For example, click here [link] to find out more about our investigations of vulnerabilities associated with SAP infrastructure security.