Services
At Xipiter our philosophy is simple:
"To break software you need to know how to make software.
To break hardware you need to know how to make hardware."
We are a full-service software and hardware security firm.
We make and break software and hardware: from webapps to firmware.
Here is how we have bundled services to other firms in the past.
Contact Us to learn how we can help you!
"To break software you need to know how to make software.
To break hardware you need to know how to make hardware."
We are a full-service software and hardware security firm.
We make and break software and hardware: from webapps to firmware.
Here is how we have bundled services to other firms in the past.
Contact Us to learn how we can help you!
Software (application)Security:
Software security is a many splendored thing. Xipiter staff has experience not only securing but also developing full-stack applications of all kinds. From big financial high frequency trading applications to the tiny ones embedded in small devices. We can help you audit and secure yours. Xipiter performs some of these services:
- Source Code Audits (C/C++, Ruby, Java, Python, PHP, .NET and more)
- "Black Box Testing" including Software Reverse Engineering, Fuzzing, and Protocol replication
- Implementation of Software Sandboxes, Privilege separation schemes, and Access Control
- Audits of Cryptographic implementations
- Web and Mobile Application Security
- PII Risk Assessments (Personal Information)
Hardware Security:
At Xipiter we are are particularly fascinated with embedded systems. So much so that we develop our own.
We've helped large manufacturers of set-top boxes, entertainment systems, gaming systems, mobile phones, Point-Of-Sales systems, and Utilities to secure their embedded applications (and related infrastructure). We've trained teams at large semiconductor manufacturers on embedded security issues and we've spoken about these issues all around the world. We can not only reverse engineer and audit hardware we can even manufacture our own to demonstrate vulnerability or provide Proof-Of-Concept remediation. Services include but are not limited to:
* All hardware prototypes are handled with extreme care including but not limited to: storage in FF-L-2740A DoD certified GSA containers.
We've helped large manufacturers of set-top boxes, entertainment systems, gaming systems, mobile phones, Point-Of-Sales systems, and Utilities to secure their embedded applications (and related infrastructure). We've trained teams at large semiconductor manufacturers on embedded security issues and we've spoken about these issues all around the world. We can not only reverse engineer and audit hardware we can even manufacture our own to demonstrate vulnerability or provide Proof-Of-Concept remediation. Services include but are not limited to:
- Hardware penetration testing
- Firmware reverse engineering
- Embedded system code audits
- "Chip Off" reverse engineering techniques
- DRM penetration testing
- Proof-Of-Concept hardware and software exploitation
- Embedded Systems security architecture review
* All hardware prototypes are handled with extreme care including but not limited to: storage in FF-L-2740A DoD certified GSA containers.
Security Architecture & risk assessment:
Did you already build it and now you want to learn more about how to secure it?
Xipiter can help with understanding the risks to applications and infrastructure and help build plans for how you can move forward. Xipiter staff has experience building information security practices (at technology companies and startups) from the ground up so we know how to communicate the highly technical security issues that have business impact, succinctly. We've not only had to secure infrastructure and applications, but we've also been (and are currently) developers ourselves, so we understand the need to just "get it done and out the door". We'll help you circle back around to build a plan to secure your applications or infrastructure. Services include but are not limited to:
Xipiter can help with understanding the risks to applications and infrastructure and help build plans for how you can move forward. Xipiter staff has experience building information security practices (at technology companies and startups) from the ground up so we know how to communicate the highly technical security issues that have business impact, succinctly. We've not only had to secure infrastructure and applications, but we've also been (and are currently) developers ourselves, so we understand the need to just "get it done and out the door". We'll help you circle back around to build a plan to secure your applications or infrastructure. Services include but are not limited to:
- Developer training and Security Awareness
- Staff Awareness (through real attacks and social engineering)
- Disaster Recovery Planning
- Executive reporting
- Security Architecture Review and Risk Assessment
- Legacy Application security
Mobile application security:
These days, virtually everyone has a "mobile" component. At Xipiter we have unique expertise in this area. Xipiter staff have given many international talks and trainings on mobile device security issues. We've spoken at the world's leading information security conferences (as well as other venues such the largest mobile semiconductors expos) on these very issues. We've even co-authored books on this very subject. So we can help you secure your mobile apps! Xipiter Mobile Application Services include but are not limited to:
Additionally, Xipiter can help you to secure where your mobile application meets your business logic and backend infrastructure. We can help you implement security from down on the device up through the backend, or just test what you've currently tried to implement.
Contact us for more information.
- Code Auditing (Android, Windows Mobile, iOS)
- PII Risk Assessments (Personal Information)
- Mobile Application Reverse Engineering
- Cryptographic implementations (both on device and "in flight")
Additionally, Xipiter can help you to secure where your mobile application meets your business logic and backend infrastructure. We can help you implement security from down on the device up through the backend, or just test what you've currently tried to implement.
Contact us for more information.
tool development:
Do you need a security tool written? Or perhaps you need someone to develop or implement the "security" parts of your application (SSL, crypto implementation, secure session management, anti-reverse engineering or IP/business logic hiding)? Xipiter can help you with that.
A common misconception about "security researchers" is that they don't do much development. The reality, however, is that most "security research" is merely custom application development. From code audits to "unit testing", fuzzing, and exploitation; good security researchers are "developers" first. At Xipiter we've spent most of our careers doing tool development (some of us even developers on non-security applications) so we can help you or your developers to write and implement the "security" bits of your code in web applications, desktop programs, and mobile applications. Services include but are not limited to:
Xipiter has performed these services (mostly as a "remediation" service) to embedded system manufacturers, large software companies, and mobile application developers.
Contact us for more information.
A common misconception about "security researchers" is that they don't do much development. The reality, however, is that most "security research" is merely custom application development. From code audits to "unit testing", fuzzing, and exploitation; good security researchers are "developers" first. At Xipiter we've spent most of our careers doing tool development (some of us even developers on non-security applications) so we can help you or your developers to write and implement the "security" bits of your code in web applications, desktop programs, and mobile applications. Services include but are not limited to:
- Exploit development
- Fuzzing and unit testing
- Anti-reverse engineering or code obfuscation
- Privilege separation or Sandbox integration
- Cryptography implementation and integration (SSL et al)
- DRM implementations and integration
Xipiter has performed these services (mostly as a "remediation" service) to embedded system manufacturers, large software companies, and mobile application developers.
Contact us for more information.
Forensics & incident response
Xipiter's expertise in offensive security coupled with reverse engineering skill and knowledge of embedded systems allows Xipiter to provide a fairly broad assortment of Incident Response services. Xipiter has provided "full stack" incident response such as:
Contact us for more information.
*All hardware and forensic evidence is handled with extreme care including but not limited to: storage in FF-L-2740A DoD certified GSA containers.
- Post-exploitation analysis of operating systems and infrastructure
- Remediation planning
- "Chip Off" computer forensics (removing storage media to obtain data in embedded systems and devices)
- Reverse engineering of malware or spyware
- Executive reporting
Contact us for more information.
*All hardware and forensic evidence is handled with extreme care including but not limited to: storage in FF-L-2740A DoD certified GSA containers.
Some of our clients
We take our client confidentiality very seriously.
In fact, we prefer to be discrete (which is why we operated without a public site for most of our existence).
But for prospective customers, here are a few of our clients that have graciously allowed us to list them.
In fact, we prefer to be discrete (which is why we operated without a public site for most of our existence).
But for prospective customers, here are a few of our clients that have graciously allowed us to list them.
RIM(Blackberry)
|
ComCast/XFinity
|
The National Security Agency
|
Samsung
|
Hewlett-Packard
|