|
Logical security testing
Riscure has a wide variety of proprietary security test tools. We
support these tools with extensive manual testing and configuration
review. We test the security of:
| • |
Communication protocols (T=0, T=1)
|
| • |
Application protocols (APDUs)
|
| • |
Java Card Virtual Machine
|
| • |
Applet (or application) source code
|
| • |
GlobalPlatform security
|
| • |
GSM 03.48 security mechanisms for SAT
|
| • |
GSM 03.19 SIM application toolkit |
Java card security evaluation
Riscure has developed a test tool (JCworkBench) and an extensive
test suite of 250 dedicated malicious test applets. This test system
verifies all Java card operating system security requirements.
more...
Source code review
Applications should follow specific design rules in order to maximise
defense against other malicious applications or system attacks.
Further, an application should implement its own defenses against
side-channel analysis in order to complement the security measures taken at lower level inside the chip. Riscure
performs application source code reviews that include a verification of
security design rules and an inspection for potential malicious
code.
|
