Praetorian Security Assessments

How can Praetorian help you?

Develop, deploy, and maintain secure Internet of Things solutions, from chip to cloud

Praetorian’s Internet of Things assurance services take a holistic approach to security testing by reviewing the entire product ecosystem, from chip to cloud, while prioritizing vulnerabilities so you can successfully balance risk with time-to-market pressures.

From smart homes, connected medical devices, and smart grids to connected cars, industrial automation, and physical plant operation, Praetorian’s Internet of Things full-coverage assurance services will help your organization better deliver and deploy secure connected products.

Contact Sales

Embedded Security

Identify physical and logical security threats to the embedded system, such as local controllers/gateways.

Firmware Security

Get an understanding of best practices and identify gaps in firmware security and OTA device update processes.

Wireless Security

Ensure wireless communication protocols used, such as ZigBee, 6LoWPAN, and BLE, are implemented using security best practices.

Application Security

Uncover critical software vulnerabilities, understand the true business impact of weaknesses, and get recommendations for mitigation.

Cloud Security

Ensure cloud services and RESTful APIs used to exchange data with Internet of Things networks, applications, devices, and sensors are secure.

Infrastructure Security

Identify vulnerabilities in the networks, hosts, and services that comprise the supporting infrastructure of your Internet of Things solutions.

We help developers solve complex security problems so they can disrupt industry and change the world

Praetorian has created research-driven methodologies that incorporate guidance from the OWASP Application Security Verification Standard (ASVS), which normalizes the range in coverage and level of rigor applied to each application. This approach allows our team to meet your unique testing and budget goals by offering tiered pricing based on the comprehensiveness of the security review.

As part of the security analysis, and depending on the level of rigor, Praetorian will employ a variety of techniques for uncovering unknown vulnerabilities, including:

Penetration testing and dynamic analysis
Secure code review and static analysis
Architectural risk analysis and stakeholder interviews
Documentation and specification reviews

Praetorian offers deep security expertise, unified through software, with deliverables that include comprehensive reporting that details exposures as well as strategic recommendations to improve systemic issues through the software development life cycle.

Your development team will also benefit from knowledge transfer delivered by a project team that includes experienced frontline engineers and computer scientists using up-to-the-minute methodologies and tool sets.

Contact Sales

Architecture, Design, Threat Modeling
1 / 11

Authentication Controls
17 / 26

Session Management Controls
11 / 13

Access Control
7 / 12

Malicious Input Handling
10 / 21

Cryptography at Rest Controls
2 / 10

Error Handling & Logging Controls
3 / 13

Data Protection Controls
4 / 11

Communications Security Controls
7 / 13

HTTP Security Controls
6 / 8

Malicious Controls
0 / 2

Business Logic Controls
0 / 2

Files and Resources Controls
7 / 9

Mobile Controls
7 / 11

Web Services Controls
7 / 10

Configuration Controls
1 / 10

Embedded Device Controls
New
10 / 29

ASVS Level 1 is meant for all software.

Architecture, Design, Threat Modeling
8 / 11

Authentication Controls
24 / 26

Session Management Controls
13 / 13

Access Control
11 / 12

Malicious Input Handling
20 / 21

Cryptography at Rest Controls
7 / 10

Error Handling & Logging Controls
9 / 13

Data Protection Controls
8 / 11

Communications Security Controls
9 / 13

HTTP Security Controls
8 / 8

Malicious Controls
0 / 2

Business Logic Controls
2 / 2

Files and Resources Controls
9 / 9

Mobile Controls
10 / 11

Web Services Controls
10 / 10

Configuration Controls
5 / 10

Embedded Device Controls
New
20 / 29

ASVS Level 2 is for applications that contain sensitive data, which requires protection.

Architecture, Design, Threat Modeling
11/ 11

Authentication Controls
26 / 26

Session Management Controls
13 / 13

Access Control
12 / 12

Malicious Input Handling
21 / 21

Cryptography at Rest Controls
10 / 10

Error Handling & Logging Controls
13 / 13

Data Protection Controls
11 / 11

Communications Security Controls
13 / 13

HTTP Security Controls
8 / 8

Malicious Controls
2 / 2

Business Logic Controls
2 / 2

Files and Resources Controls
9 / 9

Mobile Controls
11 / 11

Web Services Controls
10 / 10

Configuration Controls
10 / 10

Embedded Device Controls
New
29 / 29

ASVS Level 3 is for the most critical applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust.

Coverage Key

Inadequate

Fair

Good

Excellent

Praetorian follows the OWASP ASVS standards, which normalizes the range in coverage and level of rigor applied to each application.

We simulate high-impact security breaches to help organizations better understand real security risks

A penetration test assesses the effectiveness of security controls by simulating a real-world attack that mimics current adversary techniques. Penetration testing is useful for illuminating unknown security weaknesses that could result in a compromise.

Organizations working towards a higher-level of security maturity may be ready for red team operations, which showcases the same standard operating procedures and goal-oriented nature of an advanced persistent attack. Red team operations is the next step in threat assessment and incident response preparedness. Praetorian’s core team includes former NSA operators and CIA clandestine service agents capable of executing advanced advisory simulation.

As part of Praetorian security assessments, and depending on the level of rigor, our security engineers employ a variety of techniques for uncovering unknown vulnerabilities.

Penetration testing attack vectors may include:

External Network

Internal Network

Social Engineering

Wireless Network

Physical

Contact Sales

Find, track, and prioritize risk within your environment

Engaging Praetorian for a security audit provides a more holistic security review that includes direct access to key devices and servers, stakeholder interviews, network diagrams, and documented policies.

Activities conducted during a security audit may include:

Sensitive Data Flow Analysis

Vulnerability Assessments

Network Architecture Review

Cloud Architecture Review

Firewall Security Review

VPN Security Review

Active Directory Review

Wireless Security Review

Breach Readiness

A breach readiness review will evaluate the team’s readiness for detecting a breach as well as analyze the network for signs of existing compromise.

Activities for the third and final phase include:

Detection Capabilities Review

Compromise Indicator Analysis

We use the NIST Cybersecurity Framework to help identify current and targeted future states of your organization's security program

Praetorian will benchmark your organization’s current cybersecurity posture to the NIST Cybersecurity Framework and identify an appropriate target state based on the organization’s threat and vulnerability profile. By combining the NIST Framework and the Top 20 Critical Security Controls (CSC), a useful current/target state analysis can be performed and then utilized as a driver for prioritized activities to improve an organization’s security posture.

A third-party security assessment that leverages these frameworks is an established cornerstone of information security operations, providing:

A threat profile of an adversary with access to the Internet or internal networks
Enumeration of systems, services, and applications that comprise these networks
An evaluation of the environment for technical vulnerabilities and security exposures
An analysis of the vulnerabilities for systemic causes
Strategic recommendations to improve technical, procedural, and administrative controls

We use data gathered during the various phases of a security audit to identify the current state. Working closely with your organization, we will identify a target state based on the threats to your particular organization, your business needs, technology profile, and overall risk approach. Praetorian utilizes the results of technical security assessments, interviews, and documentation reviews to complete this service.

Contact Sales

Put simply, we help determine where you are today, point A, and then map that to best practices, point B, through actionable remediation advice.

Our value is guiding you on the path between these two points.

Current
State

Best
Practice

Join our growing team

Security Assessments

Gain confidence that your products, services, and data are secure

How can Praetorian help you?

Develop, deploy, and maintain secure Internet of Things solutions, from chip to cloud

Embedded Security

Firmware Security

Wireless Security

Application Security

Cloud Security

Infrastructure Security

We help developers solve complex security problems so they can disrupt industry and change the world

We simulate high-impact security breaches to help organizations better understand real security risks

Find, track, and prioritize risk within your environment

Breach Readiness

We use the NIST Cybersecurity Framework to help identify current and targeted future states of your organization's security program

Put simply, we help determine where you are today, point A, and then map that to best practices, point B, through actionable remediation advice.

Our value is guiding you on the path between these two points.

We offer deep security expertise, unified through software

Ready to get started?

Comprehensive security solutions by industry

Join our growing team

Contact Praetorian to get started.

Call today (800) 675-5152

Security Assessments

Gain confidence that your products, services, and data are secure

How can Praetorian help you?

Develop, deploy, and maintain secure Internet of Things solutions, from chip to cloud

Embedded Security

Firmware Security

Wireless Security

Application Security

Cloud Security

Infrastructure Security

We help developers solve complex security problems so they can disrupt industry and change the world

We simulate high-impact security breaches to help organizations better understand real security risks

Find, track, and prioritize risk within your environment

Breach Readiness

We use the NIST Cybersecurity Framework to help identify current and targeted future states of your organization's security program

Put simply, we help determine where you are today, point A, and then map that to best practices, point B, through actionable remediation advice. Our value is guiding you on the path between these two points.

We offer deep security expertise, unified through software

Ready to get started?

Comprehensive security solutions by industry

Put simply, we help determine where you are today, point A, and then map that to best practices, point B, through actionable remediation advice.

Our value is guiding you on the path between these two points.