GENERAL SOFTWARE SECURITY
VDA Labs is a trusted partner, and we’re comfortable working all across the Secure Development Lifecycle: architectural review, component analysis, code auditing, dynamic pentesting, and release review are what we love to do.
Good security starts with a good design. Glazing security on afterwards is a mistake from the 90’s. VDA will review your product architecture and specifications to make sure the project is moving in the right direction.
Corrections here will save significant cost, compared to later findings.
Software is assembled as much as written these days. Are the components OK? Correct licensees, and up-to-date? We’ll check.
VDA will also check the security of the code you wrote. We use a combination of open source and commercial tools to scan for shallow bugs. We then dig deeper using manual code audits to find those subtle bugs automation will never find.
For natively compiled code (C/C++) we’ll do fuzzing. We literally wrote the book on fuzzing, and use a combination of custom and commercial tools.
For web applications and mobile we use a combination of manual and automated pentesting with tools like Burp and Zap.
In short, we’ll find those hard to reach bugs.