Our Services
Delivering Bit and Pin Level IT Security
Search-Lab is your go-to laboratory and consultancy service for top-level IT security solutions. We’re more than just a company revealing security issues; we're a partner in maintaining secure product quality throughout the entire development lifecycle.
Our philosophy is: "Properly Protected Products”
IT Security Consultation
We provide comprehensive IT security consultation services to top software and hardware developers. Security can’t tolerate bugs. Even the smallest mistake in design or implementation can lead to an exploitable vulnerability which can undermine the security of an IT system. Therefore it is essential that security-critical software and hardware products should be tested and evaluated according to strict security requirements before released to the market.
We provide comprehensive IT security consultation services to top software and hardware developers. Security can’t tolerate bugs. Even the smallest mistake in design or implementation can lead to an exploitable vulnerability which can undermine the security of an IT system. Therefore it is essential that security-critical software and hardware products should be tested and evaluated according to strict security requirements before released to the market.
Security evaluations and auditing
Security evaluation requires both intelligence and unceasing systematics. SEARCH-LAB therefore combines human intelligence-based manual security auditing and automated security and robustness testing to provide the best possible security assurance level in a cost effective manner. To achieve the best possible resilience to attacks, one has to be aware of the latest attack methods threatening a certain IT system.
Well-Equipped Laboratory Services: Our laboratory boasts state-of-the-art equipment, including software testing tools, hardware testing devices, and a collection of hacking gadgets. Our equipment enables us to perform fuzzing, fault-injection based automated testing, man-in-the-middle analytical operations, and much more.
Deep Evaluation Adjusting to Your Needs: We offer a unique blend of automated testing and human intelligence based manual evaluation. Our exclusive evaluation methodology, MEFORMA, is adaptable to various requirements, making our services uniquely tailored to your product evaluation needs.
Device Evaluation: We bring a tried and tested approach to device evaluation. Our Device Evaluation Methodology has enabled successful, efficient, and effective evaluation of over 400 different IoT devices. We offer clear reporting on executed tests, found vulnerabilities, and provide practical Security Certification Levels based on attacker potential and our experience of over 10 years of security evaluations.
| Security Level | Expert Days of Evaluation | Runtime of Evaluation | Target of Evaluation | Depth of Evaluation |
|---|---|---|---|---|
| SCL 0 | ||||
| SCL 1 | 1 day | 1 week | 1 sample box | Black-box |
| SCL 2 | Black-box | |||
| SCL 3 | Black-box | |||
| SCL 2-4 | 10 days | 3 weeks | 2 sample box | Black-box |
| SCL 5 | Grey-box | |||
| SCL 2-6 | 15 days | 4 weeks | 2 sample boxes | Grey-box |
| SCL 7 | Grey-box | |||
| SCL 5-8 | 20 days | 8 weeks |
2 sample boxes boxes + open debug box |
Grey-box |
| SCL 9 | TBD | TBD |
sample boxes + Source code |
White-box |
| SCL 10 | TBD | TBD |
sample boxes + Source code |
White-box |
Achievements:
- 7 operating systems evaluated
- Over 50 mobile phones evaluated
More than 400 IoT devices evaluated including video set-top boxes, WiFi routers, Network Area Storage (NAS) devices, IP Cameras, Network Video Recorders (NVR), Medical laboratory equipment, Smart meters, Smart home devices
More than 400 IoT devices evaluated including video set-top boxes, WiFi routers, Network Area Storage (NAS) devices, IP Cameras, Network Video Recorders (NVR), Medical laboratory equipment, Smart meters, Smart home devices
A selection of our partners:
Secure coding academies - SCADEMY
Tailored software security courses designed for large development teams, enhancing skills and knowledge in secure coding practices. Our training is one-of-a-kind. We understand that every company requires something unique to them, which is why our courses are tailored around your needs rather than being off-the-shelf. We make things personal and love forming relationships with those looking to upskill and develop. Whether it’s different languages spoken, varying participant numbers required, delivery modes, or anything else at all, we get to know you and what makes your business tick before signing you up for any course.
All in all, SCADEMY provides a culture of learning and a memorable, bespoke experience, rather than “just another training course”, and we can do the same for you today. Let’s chat about your training requirements today and get to know each other. Get in touch to schedule a training course conference call and let SCADEMY take your skills to the next level.