Business challenge:
Conduct an independent comprehensive security audit to ensure the security of different client-server and embedded solutions.
Business value:
Comprehensive reports on security risks and vulnerabilities with strategical and tactical recommendations on mitigating threats and improving security.
Solution:
The whole scope of security services, namely penetration tests and deep technical security analysis of the physical security management solutions and the devices’ embedded software.
Technologies used:
- NIST SP800-115
- PTES
- OWASP
- EC-Council
- ISF SoGP
- BSI IT-Grundschutz
Client Background
Bosch Security Systems is a leading global supplier of security, safety, and communications products and systems. The product portfolio includes video surveillance, intrusion detection, fire detection and voice evacuation systems as well as access control and management systems. Bosch Security Systems develops and manufactures its products in its own plants in Europe, Americas, and Asia and has distribution partners in more than 150 countries.
Business Challenge
Bosch Security Systems has been a long-term customer of Infopulse. Since 2007, the two companies implemented many successful projects together. This time, our client asked us to conduct an independent comprehensive security audit of different client-server and embedded solutions.
Solution
Types of services:
- security assessment
- threat and risk analysis
- penetration testing
Infopulse developed clear and transparent rules of engagement and full specifications of the technical security assessments. Upon approving the security assessment plan with the client, Infopulse implemented the whole scope of the security project, namely penetration tests and deep technical security analysis of the physical security management solutions and the devices’ embedded software, i.e., application binaries, configurations, data, traffic, protocols, interfaces, encryption, databases, etc. All actions were conducted with the formal compliance with the customer’s internal requirements and external regulations.
Standards and tools:
The project was conducted with adherence to the world’s best practices – NIST SP800-115, PTES, OWASP, EC-Council, ISF SoGP, BSI IT-Grundschutz.
Infopulse used numerous proprietary automated and manual tools, including reconnaissance, enumeration and scanning tools, network traffic analyzers, sniffing tools, web, and TCP debug proxies, database vulnerability analysis tools, cryptanalysis tools, binary analyzers, and debuggers, etc.
Business Value
The customer received comprehensive reports on security risks and vulnerabilities with strategical and tactical recommendations on mitigating threats and improving security. The following benefits were provided:
- Reduced security costs
- Dramatically reduced business risks
- Improved software quality of the products to be delivered to the end-customers worldwide.
Customer Quote
The Bosch brand is a global leader of quality and innovations. Our product philosophy is to build reliable and trustworthy solutions with adherence to the highest industry standards. By making valuable contributions to the development of our products, Infopulse has proven to be a productive, efficient and reliable partner for Bosch Security Systems. We would like to express sincere appreciation for the quality of services delivered by Infopulse security team. – Harald Schoengen, Senior Manager at Bosch Security Systems
Download Case Study in PDF format