Join our growing team

Our vision is to bring together the world's expertise to solve challenging security problems. 

Explore Career Opportunities
We're Hiring
Praetorian Logo

Securing The Internet of Things

Security is critical for the next wave of technological innovation to reach its full market potential

Success
Evaluations
Delivery
Standards
Certification
Partners
Trusted by
Microsoft recognized Praetorian as a 
“best-in-class" IoT security auditor

IoT security assessments, from chip to cloud

End-to-end coverage that helps organizations successfully balance risk with time-to-market pressures.
Embedded Devices
Identify physical and logical security threats to the embedded systems in IoT product ecosystem.
Device firmware
We help ensure hardware and chip makers have sufficiently addressed IoT firmware insecurities.
Wireless Protocols
Validate security and configuration of wireless communication such as ZigBee, 6LoWPAN, and BLE.
Applications
We actively analyze web and mobile applications for any weaknesses, technical flaws, or vulnerabilities.
Cloud Services
It is critical that cloud services and APIs be tested to determine whether they can be abused by attackers.
Infrastructure
Is backend network infrastructure that is supporting your Internet of Things product ecosystem secure?

Ready for your IoT security evaluation?

Get Started

Praetorian set the standard for IoT security testing and verification

To help product teams address emerging security challenges, Praetorian has created research-driven evaluation methodologies that incorporate guidance from the OWASP Application Security Verification Standard (ASVS), which normalizes the range in coverage and level of rigor applied to each IoT product/solution. With its 3 levels of testing rigor, 17 security control categories, and 211 defined test cases, this approach allows our team to meet your unique testing and budget goals by offering tiered pricing based on the comprehensiveness of the security review.

As an active contributor to OWASP ASVS, Praetorian was the first to introduce the embedded device controls category and test cases for Internet of Things security testing in version 3.1.

As part of a professional security evaluation, and depending on the level of rigor, Praetorian will employ a variety of techniques for uncovering unknown vulnerabilities.

IoT Security Testing and Verification Includes:

  • Penetration testing (run-time analysis)
  • Reverse engineering (binary analysis)
  • Code reviews (static analysis)
  • Threat modeling (design analysis)
  • Device testing (hardware analysis)
  • Security Control Group for Level 1: Opportunistic
  • 100 of 211 Test Cases
  • Architecture, Design, Threat Modeling
  • 1 / 11
  • Authentication Controls
  • 17 / 26
  • Session Management Controls
  • 11 / 13
  • Access Control
  • 7 / 12
  • Malicious Input Handling
  • 10 / 21
  • Cryptography at Rest Controls
  • 2 / 10
  • Error Handling & Logging Controls
  • 3 / 13
  • Data Protection Controls
  • 4 / 11
  • Communications Security Controls
  • 7 / 13
  • HTTP Security Controls
  • 6 / 8
  • Malicious Controls
  • 0 / 2
  • Business Logic Controls
  • 0 / 2
  • Files and Resources Controls
  • 7 / 9
  • Mobile Controls
  • 7 / 11
  • Web Services Controls
  • 7 / 10
  • Configuration Controls
  • 1 / 10
  • Embedded Device Controls
    New
  • 10 / 29
ASVS Level 1 is meant for all software.
  • Security Control Group for Level 2: Standard
  • 173 of 211 Test Cases
  • Architecture, Design, Threat Modeling
  • 8 / 11
  • Authentication Controls
  • 24 / 26
  • Session Management Controls
  • 13 / 13
  • Access Control
  • 11 / 12
  • Malicious Input Handling
  • 20 / 21
  • Cryptography at Rest Controls
  • 7 / 10
  • Error Handling & Logging Controls
  • 9 / 13
  • Data Protection Controls
  • 8 / 11
  • Communications Security Controls
  • 9 / 13
  • HTTP Security Controls
  • 8 / 8
  • Malicious Controls
  • 0 / 2
  • Business Logic Controls
  • 2 / 2
  • Files and Resources Controls
  • 9 / 9
  • Mobile Controls
  • 10 / 11
  • Web Services Controls
  • 10 / 10
  • Configuration Controls
  • 5 / 10
  • Embedded Device Controls
    New
  • 20 / 29
ASVS Level 2 is for applications that contain sensitive data, which requires protection.
  • Security Control Group for Level 3: Advanced
  • 211 of 211 Test Cases
  • Architecture, Design, Threat Modeling
  • 11/ 11
  • Authentication Controls
  • 26 / 26
  • Session Management Controls
  • 13 / 13
  • Access Control
  • 12 / 12
  • Malicious Input Handling
  • 21 / 21
  • Cryptography at Rest Controls
  • 10 / 10
  • Error Handling & Logging Controls
  • 13 / 13
  • Data Protection Controls
  • 11 / 11
  • Communications Security Controls
  • 13 / 13
  • HTTP Security Controls
  • 8 / 8
  • Malicious Controls
  • 2 / 2
  • Business Logic Controls
  • 2 / 2
  • Files and Resources Controls
  • 9 / 9
  • Mobile Controls
  • 11 / 11
  • Web Services Controls
  • 10 / 10
  • Configuration Controls
  • 10 / 10
  • Embedded Device Controls
    New
  • 29 / 29
ASVS Level 3 is for the most critical applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust.
Coverage Key
Inadequate
Fair
Good
Excellent

Praetorian follows the OWASP ASVS standards, which normalizes the range in coverage and level of rigor applied to each application.

Use security as a competitive advantage with IoT product certifications

Praetorian provides security certifications for IoT products by verifying that solutions meet requirements of OWASP ASVS, which is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, and even consumers to define what a secure application is.

Evaluation ratings compare information gathered during the course of a Praetorian assessment to the OWASP ASVS version 3.1 criteria for security standards. In total, OWASP ASVS contains 17 unique security control category requirements and over 200 publicly documented test cases.

In addition, Praetorian provides a letter grade representing an IoT product’s current, post-remediation security posture. Praetorian calculates grades based on the "Existing Vulnerability Measure" (EVM) formula. EVM is used to quantify the collective risk of findings identified during an assessment. The letter grade leverages EVM to benchmark risk posture against Praetorian's client-base.

Get secure and move to scale with confidence

Get certified

Partnerships across the IoT landscape

Remaining product agnostic, Praetorian has developed partner relationships across the IoT supply chain—from chip to cloud.

Got a problem? We'd love to solve it!

Contact Us
"Praetorian's approach was very professional, to the point and comprised of in-depth analysis of the security vulnerabilities, which was greatly beneficial to us."
Fakhr Ul-Islam
Director Product Management IOT
"Praetorian was very quick to respond with quotes, very thorough in their testing procedures, and very accommodating to our schedule limits and tight deadlines. Will be back in touch soon to talk about additional work."
Mark House
Information Security
"I was very happy with the team, everyone was professional, the items found were useful, and I've received positive feedback from others here in engineering."
Mike Yoder
Software Engineer
"Praetorian always considers the broader set of enterprise services we have here at Qualcomm so reports and recommendations can be actionable."
Gabe Lawrence
Senior IT Security Engineer