Secure Software Engineering
We offer a full range of security system design services that are ready to be implemented into existing structures or during any phase of construction or renovation. Our expertise encompasses areas such as business and enterprise, education, healthcare, industrial, retail, entertainment complexes, and distribution facilities.
Example Applications
| Security Planning, Design and Development | We offer a full range of security system design services that are ready to be implemented into existing structures or during any phase of construction or renovation. Our expertise encompasses areas such as business and enterprise, education, healthcare, industrial, retail, entertainment complexes, and distribution facilities. Our creative, cost-effective designs provide for a competitive bidding process of all types of security systems such as intrusion detection, malware analysis and IT forensics. |
| Advisory on Equipment Specification | As non-product affiliated consultants, we provide honest, unbiased opinions of what you need. We are committed to staying on top of the latest technology in the security industry. We do this by attending all major trade shows each year, participating in ongoing training and education seminars, meeting frequently with numerous manufacturers’ representatives, and by keeping an updated extensive in-house research library. This preparation and experience allows us to offer you the BEST security advice possible. |
| Copy Protection and Vendor engagement | Let us help you select the best security vendor or integrator for your business or evaluate the bids you have already received from vendors. We can provide the specifications and Request for Proposal for the vendors to bid on and assist with contract negotiations, oversight, and inspection to ensure favorable and honest pricing. We have international account status with a wide variety of security vendors to assure our clients receive quick and efficient corrective action. Because we do not accept any commissions or finder’s fees from these vendors, you know you are getting unbiased, professional advice. |
| Project Management | Our services are chosen by many clients to project manage the installation of their security systems because of our commitment to their needs with an eye toward the bottom line. We not only assist with the planning, but also the master scheduling necessary to coordinate the smooth installation of all phases of your project. Our team of professionals ensures your system is installed properly and that it meets your specific security requirements. |
| Security Quality Assurance (SQA) | The benefits of function- performance- and security -testing within a single development process reach across all levels of an organization. For developers, it means much less time spent on patches for existing products and more time building new products or features. QA teams gain the ability to detect and correct security flaws prior to an application’s release without having to become experts in application security. |
| Secure Code Reviews | IITAC has built a highly skilled research and innovation team constituting Technical Architects, Security Domain Specialists, Project Managers and others, to put together a pragmatic framework for undertaking Security Code reviews. |
| Code Plagiarism Detection and Analysis (CPDA) | IITAC uses sophisticated methodologies such as neuronal and genetic programming to evolve similarity functions that are suited to computer program code. Using a training set of plagiarized and non-plagiarized software applications we evolved a successful methodology to detect Code Plagiarism. |
| Cognitive Debugging | Cognitive Debugging relies on cognitive science since application debugging is a critical and complex activity not at source code level only but especially at binary auditing. Accurate and fast debugging leads to improved flaw finding or malware understanding - just as an example. Debugging involves a very demanding cognitive process. |
Copy Protection
Our long term experience in the Application Security field can help you by offering the right knowledge and the experience for either creating your custom, home-brew protection or by integrating and extending properly to its best a commercial protection in your software.
Example Applications
| Binary Application Protection | We are specialized in advanced research and development of computer security software. IITAC offers innovative, one of a kind, capabilities and solutions that seamlessly integrate into its customer’s production processes and operations. |
| Copy Protection Development | To ensure you get paid for every software copy being used, IITAC supports your copy protection efforts. This creates a robust link between the software application and the protection preventing software piracy and ensuring authorized use of the software. |
| Game Security | IITAC members are experienced in large-scale copy protection analysis, auditing and exploitation: we can help you to locate any critical weakness in your game software as well as its protection. We may offer advice and consultancy to strengthen your game security for your safeguarding your DRM policies and the overall security of your customers. |
| Digital Rights Management | DRM technologies can be used for more nefarious purposes such as infringing on privacy, personal profiling, price discrimination based on personally-identifiable information and stymieing the development of open source software. IITAC can offer you an unique mix of DRM competence, as we are experienced into both DRM auditing and its creation. |
| Crackz and Warez Analysis & Forensics | We can perform extended analysis on the impact of illegal distributed copies of your software, and our highly trained investigators can help by providing clear reports for your investigation or attorney requirements. Additionally, we can perform auditing of the pirated copies of your software in order to determine the methodologies utilised by pirates for bypassing your protection. |
Detailed Information
In the absence of copy protection, media are easy to copy in their entirety using a machine (as opposed to photocopying each page of a book). This results in a situation where consumers can easily make copies of the items to give to their friends, a practice known as “casual copying”. This practice reduces the number of people in the market who lack the product. Copy protection is most commonly found on DVDs, computer software discs, video game discs and cartridges, and more recently, some audio CDs. Companies that choose to publish works under copy protection do so because they believe that the added expense of implementing the copy protection will be offset by even greater increases in revenue by creating a greater scarcity of casually copied media.
For software publishers, a method of copy protection is to write the software so that it requires some evidence from the user that they have actually purchased the software. Unfortunately, it is well known that without the proper experience it is impossible to create protections capable of lasting more than few minutes in the hand of an experienced cracker.
Another method is to purchase a ready-made protector, and use it to protect the software. Let alone the choice of the right protection that truly suits your needs, very often such commercial protectors are not used properly nor integrated with a customized layer of additional defence due to a lack of Software Security expertise in the personnel devoted to protect the application. Again, failing to fulfil such requirements leads to an an early, easy crack available in the black market.
Our long term experience in the Application Security field can help you by offering the right knowledge and the experience for either creating your custom, home-brew protection or by integrating and extending properly to its best a commercial protection in your software.
IT Training
IITAC provides security courses, seminars, trainings and workshops in the field of general IT Security, Secure Software Engineering and Software Engineering. Online security training activities are supported by training videos or live online events. You have recognized that we offer from time to time free training events online and at conferences?
Example Applications
| Reverse Code Engineering Training | Reverse Code Engineering is a critical task for people such as protection developers, malware analysts or exploit developers. IITAC provides sophisticated training for security professionals to increase analysts abilities significant! |
| IDA Pro Training | IDA Pro is THE state of the art tool for analyzing malware. IITAC trains participants to work with IDA Pro efficiently including all necessary knowledge domains such as plugin development, IDA scripting, and more. Of course any training finalizes with a certification according to ISO/IEC 17024! |
| Malware Analysis Training | A professor said once to me: “All students dealing with malware just need to know one thing - knowing about signatures…”. If this is not sufficient for your (of course it is not) we offer extensive, professional and sophisticated training in the field of malware analysis. Of course we deal with newest techniques, tricks and methods including bot nets. Get beyond boring information! |
| Copy Protection Training | Our long term experience in the Application Security field can help you by offering the right knowledge and the experience for either creating your custom, home-brew protection or by integrating and extending properly to its best a commercial protection in your software. |
| Tiger Team Training | IITAC does not only offer highly qualified tiger teams for outsourcing the advanced security analysis of your software or your network through qualified audit services, but also offer you the needed training for creating -over the time- an highly qualified tiger team. |
| Information Security Training | Information security is one of the no. 1 top risks in nowadays business. Get trained by professional IITAC trainers with focus on modern information security field, such the BS1799, ISO/IEC 17799 or the new information security standard family ISO/IEC 2700x. IITAC information security training does not rely on these standards but include them and surround them with experienced knowledge from business process management real world. |
| Certification acc. to ISO 17024 | ISO/IEC 17024 intent is providing a framework for accreditation and certification organisms a certification program for individuals and as the standard against which a Third Party can validate the management system for certification of persons. Every IITAC certification complies with this standard and is according to ISO/IEC 17024! |
| Personalized and 1-1 Training | You are working in a high secure business? Or you do not like group training because you do not want to tell other that you get trained? IITAC offers special courses for persons interested in a 1-1 training. Just 1 participant with 1 professional IITAC trainer. Via web conferencing system or direct live training. Full non-disclosure of you person is of course included! |
| Build security staff on limited budget | It’s possible to build a more secure organization even on a tight budget. Assess your IT staff for security knowledge. Develop or hire a senior leader to oversee security requirements. Hire selectively and build fields of knowledge and expertise. Provide ongoing training and obtain certifications. Develop a sourcing strategy. |
Detailed Information
This is why an IITAC training has its advantages against others:
- Our training includes a certification according to ISO 17024! ISO/IEC 17024:2003 is the International Standard for organizations and entities wishing international recognition for certifying the competence of individuals.
- A clear flow through the training process! Using our training system we lead you through the training and certification flow.
- You are not overwhelmed with tools! Our trainings are based on professional tools such as Damn Vulnerable Linux or IDA Pro and have many tools inclusive. During training we focus only on the importantand do not leave you alone with them!
- A training and certification system which is used for university requirements! Using our experience from university we use a certification and training system which is proven for large scaled university requirements!
- Well sorted reading and assessment material in our training and certification system! The certification system gives you more than just some material. Learning progess can be tracked and short assessments prepare you for the final exam!
- Quality over quantity! We focus on the important material, not on a wild collection of readings, tutorials and documentation.
Application Protection Bootcamp + Certified Application Protection Professional (CAPP)
The Application Protection Bootcamp and IITAC Certified Application Protection Professional™ (CAPP) provides with a high sophisticated training trail an ultimate way to show your proven excellence in the field of copy protection development, secure code development, Reverse Code Engineering and Binary Auditing in various IT security relevant knowledge domains to address the many challenges of software protection, copy protection and protectors.
Participants get trained with relevant standards, procedures, and methods of application protection, copy protection, packers, and Reverse Code Engineering and get trained with high practical background. With successful training and certification participants are able to fulfill optimized development of software systems, copy protections, or application protections. The certification is part of the training trail. The Certified Application Protection Professional™ (CAPP) qualification is aimed at people involved in advanced protection tasks. This includes people in roles such as protectionists, team leader, protection auditors, security testers or software developers. This professional level qualification is also appropriate for anyone who wants an advanced understanding of copy protection and binary auditing, such as students or security consultants.
Security Consulting
IITAC - International Institute is a management consulting, technology services, and research organization with high academically background. Committed to delivering innovation, IITAC collaborates with its clients to help them become high-performance business and governments. With industry, and business process expertise, and broad knowledge resources, IITAC can mobilize the right people, skills, and technologies to help clients improve their performance. IITAC facilitates knowledge transfer to people, companies, and organizations, and helps to increase qualification significant. The IITAC trainings, assessments, and certifications are building upon experts’ knowledge. For this IITAC certifications are in compliance with the ISO 17024.
Benefits for the client
Security loopholes and potential weaknesses that are detected are immediately reported to the contact (if required), together with a proposed solution. This procedure is suitable for iterative application hardening.
We will not issue a “this application is secure” stamp, since no software is 100% secure. However, it is possible to configure a software product in such a way that the effort involved for a potential attacker is too great to justify the rewards. This is an approach that is also used in areas such as cryptography.
The client receives a comprehensive and substantial final report, including a list and assessment of the remaining risks and suggestions for appropriate countermeasures, thus enabling proactive risk management.
More Information?
- Copy Protection
- Investigation and Litigation
- IT Training
- Network Auditing
- Secure Software Engineering
- Software Auditing
- Why Certification?
- Why ISO/IEC 17024?
-
Security Labs Blog
- IT Underground XI 2008: The Damn Vulnerable Linux Project - Steps beyond ethical hacking! (by T. Schneider)
- IT Underground XI 2008: 64-bit Imports Rebuilding and Unpacking (by S. Doucet)
- RECON2008 talk: 64-bit Imports Rebuilding and Unpacking by Sébastien Doucet (IITAC)
- IITAC - Sponsor of the RECON conference! Free IDA Pro training!
- Microsoft Security Risk Management Guide - Worth a look?
- IT Underground XI 2008: The Damn Vulnerable Linux Project - Steps beyond ethical hacking! (by T. Schneider)
-
IDA Pro Training
Get trained to analyze malware, vulnerability or copy protections with the no. 1 binary analysis tool IDA Pro!
Cognitive Debugging™
The debugging skill of the programmer is probably the biggest factor in the ability to debug a problem, but the difficulty of software debugging varies. Cognitive Debugging™ trains debugging with respect to brain and mental abilities! Both combined result is most powerful debugging results!Scientific Hacking™
Go far beyond classical ethical hacking! Instead of using tools only look under the hood, instead of making multiple choice tests only get certified by true practical assessments!
-
Get in touch
-
Get your free copy!
