Computer Network Attack (CNA)
For Computer Network Attack (CNA), the goal is to develop exploits that can be readily weaponized into deployable payloads.
Our CSS engineers have more than 10 years of "on-the-bench" vulnerability analysis experience, including a multitude of zero-day vulnerability discoveries and neutralizations. Such assessments have included both white and black box testing of software and hardware applications to discover previously unpublished security flaws:
- White box testing is analyzing security while having intimate knowledge of a system's internal design. Primarily accomplished through source code analysis--via static and dynamic code checkers and manual methods.
- Black box testing is analyzing security while having little knowledge of a system's internal design. Includes fuzzing, application analysis (cross site scripting, HTML injection, SQL injection, etc.), and password cracking.
In addition, our team is a sought after "advisor" to Government and Industry, continually being invited to brief new technologies for cyber threat detection, assessment, and neutralization. During the 2009 Air Force Research Lab (AFRL)/Sandia Labs Malware Exchange Conference, our engineers identified the threat that mobile devices present to the internal network to which they connect. In July of 2009, our team presented at the Classified Advanced Technical Update given at the Naval Post Graduate School in Monterey, CA on emerging threats in cyber security, including zero-day bugs in several mainstream desktop applications.
Expertise in Mobile Device Security
Mobile devices present a particular new threat to enterprise systems due to the lack of focus on security of these powerful computing platforms.
Sypris Electronics engineers have experience in researching and discovering bugs in emerging smart phone technologies. This experience can be brought to bear in developing new exploitation techniques and weaponized payloads.
- Secure Communications
- Global Key Management
- Identity Authentication
- Cyber Security Solutions
- Cyber Range
- Smart Grid Security
- Computer Network Defense
- Certification & Accreditation
- Penetration Testing
- Vulnerability Analysis
- Security Hardening Services
- Digital Forensics
- Automated Tools Development
- Security Policy Development
- Security Education & Training
- Product Development