JWP Consulting GK

Security auditing

Prove that your information systems are secure with a security audit from JWP Consulting GK. With the right audit, you can be confident that your systems can withstand threats and are compliant with industry regulations. The following services are available:

  • System auditing:
    • Architecture reviews
    • Protocol audits
    • Formal verification
  • Software auditing:
    • Secure code reviews
    • White-box security testing
    • QA automation
  • Penetration testing
  • Binary analysis and reverse engineering

Systems that JWP Consulting GK has previously audited used the following cryptographic technologies and secure development practices:

  • Public-key cryptography, especially Elliptic-Curve Cryptography
  • Reliable message authentication and protection from replay attacks
  • Secure data encoding (ASN.1-based formats, JSON Web Token, XML-Enc)
  • Prevention of deserialization-related Remote Code Execution vulnerabilities
  • Air-gapped software deployment using single static binaries
  • Reproducible and deterministic build systems using Nix
  • Cross-platform debugging and reverse engineering using emulation and virtualization techniques

Are you interested in receiving a security assessment for your product or service? We’d love to hear from you.

Vulnerabilities are inevitable

Do you need to assess and improve the security of your web app? Almost every web app is vulnerable to at least one of the OWASP Top 10 vulnerabilities. Even using the latest version of a framework doesn’t automatically protect you from issues such as the following:

  • Security misconfiguration, for example, cookies exposed in the browser DOM.
  • Insecure design, such as exposing a JSON Web Token (JWT) to clients that are vulnerable to cross-site scripting, leading to vulnerabilities that aren’t visible at first glance.
  • Broken Access Control, such as exposing objects by unique ID on external storage providers without validating authentication or authorization, leading to critical loss of confidentiality.
  • Data Integrity Failures, such as accidental deserialization and execution of attacker-provided payloads (for example, Python pickling or unsafe YAML deserialization), possibly compromising your server infrastructure.

Adding more features to a web app increases the risk of inadvertently introducing vulnerabilities. Contact us for information on how to comprehensively test and secure your app.
