Penetration Tests of Products
Penetration tests can be applied to evaluate the security of IT products. A test conducted by external security experts points out weaknesses that are easily overlooked during the development process. A pentest before a product's final release may also avoid possible follow-up costs. Additionally, the results of a product pentest can be used for advertising, allowing for a competitive advantage.
An IT product where security is relevant can be any combination of hard- and software. One can distinguish between a specification and an implementation test of a product. For example, for a software that is used to provide encrypted communication between a bank and its customers, not only the specification should be tested. Examining the implementation in the way it is used in a productive environment is equally necessary.
Especially for Internet applications, product security tests are recommended. Access is often possible from the Internet and security holes usually have severe consequences. A newly developed web application can for example become an attacker's gateway to your internal systems or data. This does not only harm the application's users, but also your and your product's reputation.
Increasing Demand for Security
A growing field for IT security is the area of embedded devices. These devices are for example used in car or airplane control systems, for wireless communications or online banking transaction security. Due to the increasing complexity of these devices, the number of attack vectors grows, too. A product security test anticipates what attackers might do and helps in closing possible security holes.