Vulnerability Assessment

We will reverse engineer applications to detect software libraries in the binary code and match them with security threats disclosed in published vulnerability reports.

Our Process


We maintain a commercial license of Nessus, and also use Ghidra, an open-source software reverse engineering (SRE) framework created and maintained by the National Security Agency (NSA) Research Directorate. Once software products and libraries are identified, they will be matched with the Common Platform Enumeration (CPE) product names listed in the National Vulnerability Database (NVD). Through this process we will assess whether each product includes any known vulnerabilities (CVEs). Where we have access to the actual source code, we will use a set of tools from the Open Worldwide Application Security Project (OWASP) community to assess and review the security of each product. Examples of tools that we have previously worked with are OWASP ZAP and OWASP Dependency-Check.

What You’ll Receive

Descriptive attributes of each asset will be derived from reverse-engineered program and symbol trees and other artifacts such as imports, dependencies, embedded string literals, and decompiled source code. Free-form text produced by the reverse engineering process will be turned into the feature vectors used to identify embedded software products and libraries.
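As an added illustration (not code from this service or its tooling), the sketch below turns string literals recovered from a binary into bag-of-words feature vectors, scores them against library profiles by cosine similarity, and emits the CPE 2.3 name that would be looked up in the NVD. The profiles, sample strings, tokenizer and threshold are all constructed assumptions; the page does not say which features or matching method are used.

```python
import math
import re
from collections import Counter

# Constructed reference profiles: CPE vendor, CPE product, version-banner
# regex, and strings typical of the library. A real corpus would be far larger.
PROFILES = [
    ("openssl", "openssl", r"OpenSSL (\d+\.\d+\.\d+[a-z]?)",
     "OpenSSL SSL_CTX_new EVP_EncryptInit_ex ssl handshake failure x509 certificate verify"),
    ("zlib", "zlib", r"(?:inflate|deflate) (\d+\.\d+\.\d+)",
     "inflate deflate Copyright Mark Adler incorrect header check invalid block type"),
    ("sqlite", "sqlite", r"SQLite (\d+\.\d+\.\d+)",
     "SQLite sqlite3_open sqlite3_prepare_v2 database disk image is malformed"),
]

# Constructed sample of string literals recovered from one binary.
SAMPLE_STRINGS = [
    "OpenSSL 1.1.1k  25 Mar 2021", "SSL_CTX_new", "EVP_EncryptInit_ex",
    "certificate verify failed",
    " inflate 1.2.11 Copyright 1995-2017 Mark Adler ",
    "incorrect header check", "invalid block type",
    "usage: updater [--check] <url>", "/etc/updater.conf",
]

def features(text):
    """Bag-of-words vector over identifier-like tokens of 3+ characters."""
    return Counter(re.findall(r"[a-z_][a-z0-9_]{2,}", text.lower()))

def cosine(a, b):
    dot = sum(count * b[token] for token, count in a.items())
    norm = (math.sqrt(sum(v * v for v in a.values()))
            * math.sqrt(sum(v * v for v in b.values())))
    return dot / norm if norm else 0.0

def identify(strings, threshold=0.25):
    """Return (cpe_name, score) for each profile the strings resemble, best first."""
    text = "\n".join(strings)
    doc = features(text)
    hits = []
    for vendor, product, version_re, profile_text in PROFILES:
        score = cosine(doc, features(profile_text))
        if score < threshold:
            continue
        found = re.search(version_re, text)
        version = found.group(1) if found else "*"  # unknown version stays a wildcard
        cpe = f"cpe:2.3:a:{vendor}:{product}:{version}:*:*:*:*:*:*:*"
        hits.append((cpe, round(score, 3)))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)
```

A match without a version banner keeps `*` in the version field, so it should be treated as a lead for manual review rather than as a confirmed vulnerable version.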

Location


ESL Global Cybersecurity Institute

Our state-of-the-art Cyber Range and Training Center is located at the ESL Global Cybersecurity Institute on RIT’s campus in Rochester, NY. It is capable of hosting more than 5,000 virtual machines simultaneously in immersive scenarios, enabling Executive Incident Response Training, Threat Intelligence and Emulation Training, and more.

Within this infrastructure, we are able to introduce threat intelligence systems in scale replicas of any massive, global business, with specific focus on healthcare, energy, and finance. The Cyber Range and Training Center provides alternate reality instructional vignettes for cohorts of corporate leaders and IT security professionals to experiment and learn, facilitating research opportunities in the most critical of industries.

Book Now

Contact Sarah Yarger to book your training and learn more!

Sarah Yarger
Project and Operations Manager