FAQs: Cybersecurity Evaluation (HW and SW)

Frequently asked questions for cybersecurity evaluation for hardware and software.

What does QIMA recommend if you need a hardware or software evaluation?

QIMA proposes a step-by-step approach to its clients during security evaluations, using Flaw Hypothesis Methodology based on our own Common Criteria experience.

What is the advantage of an evaluation based on the Flaw Hypothesis Methodology?

The essence of the methodology is to set up flaw hypotheses and then to test them, first by analyzing the documentation in more depth and detail and finally by penetration testing. Based on the errors found, we perform a "generalization" of the errors (looking for the same class of flaw elsewhere in the system), eliminate or correct them, and perform a re-check. The target security level can be reached incrementally: first solving the most pressing problems, then strengthening the security of the IT system gradually.

What security evaluation services can QIMA offer?

  • Security by design

  • Secure coding training

  • Vulnerability assessment

  • Penetration testing

  • Hardening

  • Security audit

Are there evaluations for mobile applications?

For mobile applications QIMA proposes to follow the OWASP Mobile Application Security Verification Standard (MASVS). The evaluation process is based on the MASVS-L1 Standard Security level and is additionally extended to the MASVS-L2 Defense-in-Depth level.

How long does a HW or SW evaluation take at QIMA?

It depends on the product we test and on many factors, such as product complexity and assurance claims. Usually a simple penetration testing task can take a few weeks and a complex vulnerability assessment project a few months, whilst a Common Criteria evaluation at a higher evaluation assurance level could take 6-12 months, depending on the quality of the manufacturer's documents and the number of deficiencies found during the evaluation.