Services

Security by Design

Security should not be an afterthought

Design flaws sometimes cannot be solved after deployment. It might not be feasible to replace an already deployed system, especially after a significant investment has been made to develop or acquire it. As a result, it is much more difficult and expensive to address security after deployment rather than during development.

Secure software life cycle, threat and maturity models

We conduct hybrid design, architecture, and configuration reviews across different life cycle phases (from design to development, from deployment to maintenance) to measure and consistently improve the security posture of hardware and software products.

Our security by design reviews include:

Secure design review via documentation analysis and practical testing

Attack surface analysis via threat modeling and dedicated metrics

Configuration review of servers, workstations, and other endpoints

Password recovery, cracking, and statistical analysis

The process of designing for security is driven by secure system development life cycle (SSDLC) principles, along with custom threat and maturity models.

Services

Security by Design

Secure software life cycle, threat and maturity models

Our security by design reviews include:

The process of designing for security is driven by secure system development life cycle (SSDLC) principles, along with custom threat and maturity models.

Extending Burp Suite for fun and profit – The Montoya way – Part 9

Groovy Template Engine Exploitation – Notes from a real case scenario, part 2

Brida 0.6 released!

Streamlining Vulnerability Research with the idalib Rust Bindings for IDA 9.2

Attacking GenAI applications and LLMs – Sometimes all it takes is to ask nicely!

Export to PDF allows local file inclusion/path traversal in Microsoft 365

Fault Injection – Follow the White Rabbit

My Zero Day Quest & BlueHat Podcast

Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)

HN Security S.r.l.

Services

Pages

Legal