We bring deep technical knowledge to your security needs. Our experts find the vulnerabilities that can impact your business, and give you actionable mitigation plans to close the holes. 


2378867408_4cc90791d6_z.jpg

We provide assessments of applications, system, and mobile code, drawing on our employees' decades of experience in developing and securing a wide variety of software and hardware. Our work includes design and architecture reviews, threat modeling, and code analysis with targeted fuzzing to find exploitable issues.

Software Evaluation Services

APPLICATION PENETRATION TESTING - We perform high-end penetration tests that mimic the work of sophisticated attackers. We follow a formal penetration testing methodology that emphasizes repeatable, actionable results that give your team a sense of the overall security posture of your organization.

MOBILE APP SECURITY - Mobile apps have their own set of threats, interacting with other apps on mobile devices, and having to live in an open network environment such as public WiFi hotspots. Our team understands these threats, and can help secure your mobile apps for the harsh environment of coffee shops, bus rides, and the multitude of potentially dubious other apps your users load onto their phones.

APPLICATION DESIGN REVIEW - A Leviathan threat model provides you with a color-coded picture of the attack surfaces in your system where attackers will focus. This lets you the focus activities that are most impactful and leading to more cost effective security reviews. your security efforts on your components that matter.

CODE REVIEW - We conduct security evaluations and penetration tests based on our code-assisted methodology, allowing us to find deeper vulnerabilities, logic flaws,and fuzzing targets than a black-box test would reveal. This gives your team a stronger assurance that the significant security-impacting flaws have been found and corrected.


36605757963_cdfe847c1c_z.jpg

We evaluate new hardware devices including novel microprocessor designs, embedded systems, mobile devices, consumer-facing end products, and core networking equipment that powers Internet backbones.

Hardware Evaluation Services

EMBEDDED & IoT DEVICES - The Internet of Things encompasses many kinds of things, including medical devices, kiosks, data center appliances, iot cameras, and cars. Big or small, they are all software, and they are not managed after deployment. As such, IoT need to be secure enough to stand on their own. Leviathan can help secure your IoT, to keep your customers safe.

REVERSE ENGINEERING - We assist clients with reverse engineering efforts not associated with malware or incident response. We also provide expertise in investigations and litigation by acting as experts in cases of suspected intellectual property theft.

FIRMWARE - Firmware is software, baked into a chip. Leviathan's experts have the skills to extract software from ROMs, and do the low-level code analysis and penetration testing to secure your product firmware.

HARDWARE DESIGN REVIEW - Does your design leave critical hardware exposed? Can an attacker with a USB stick write to all of memory and take control of your product? Is debugging functionality still available? Leviathan hardware engineers can provide security design and implementation reviews and penetration testing of your product, before it ships and becomes prohibitively expensive to fix.

 


8437956869_66d8b38f1b_z.jpg

Network security is now far more than just having a firewall. Enterprises now have pervasive Wi-Fi hotspots, staff bringing their own equipment to work, and growing cloud infrastructure.

Network Evaluation Services

PERIMETER IDENTIFICATION & ASSESSMENT - Ideally your network perimeter is one firewall, tightly managed. But in practice, anyone with a network port can create new ingress points. Our experts can scan your network and identify the real perimeter that exists, and help you to lock it down to only have managed access points.

CLOUD SECURITY - Migrating to the cloud relieves the burden of hardware management, but not network security. Just like traditional networks, the security is only as good as your configuration. Leviathan's team has experience with Amazon AWS, Google GCP, Microsoft Azure, and Oracle's cloud. We can help prevent your cloud from evaporating.

NETWORK DESIGN REVIEW - Compliance regimes, such as PCI, impose network security requirements on regulated enterprises. Leviathan's Technical Services team can collaborate with our Risk and Advisory Services team to help you ensure that your network is in compliance with the regulations applicable to you.

WIRELESS NETWORK PENETRATION TESTING (BYOD) - "Bring Your Own Device" to work is happening explicitly at some enterprises that allow or encourage workers to bring their own laptops to work, and implicitly at most enterprises as nearly all workers carry smart phones and many of them connect to corporate Wi-Fi. Leviathan's network security engineers can help you keep all the various devices on the right network segments, so that you have happy workers and secure access to enterprise resources.


5397918675_7a1cac0ef1_z.jpg

Like fitness, security is a journey, not a goal, you have to keep working at it to maintain it. To help you maintain your security, Leviathan can provide custom software tools, which can be developed and provided to you during a security evaluation project. These tools can efficiently help to find vulnerabilities in your code, long after Leviathan has left the building.

Security Tool Development Services

FUZZER DEVELOPMENT - Fuzzing is a highly effective way to find bugs in code, but it only works well if the fuzzer is fit to the network protocol or file format at hand. Leviathan can build custom fuzzers that speak your language.

API TEST HARNESSES - Leviathan security engineers test APIs by systematically providing unexpected values to your APIs. We can give you the software tools to continue testing your APIs in your path to delivery.

SOCIAL ENGINEERING HARDWARE - One of the largest vulnerabilities enterprises face is social engineering attacks against staff. Leviathan can create custom tools, such as fake/enticing web sites, and apparently-benign USB sticks, to test how vulnerable your staff are to such attacks.