Providing Cybersecurity Expertise to Protect Your Products and Your Brand
What We Do
- Carve Systems Maturity Framework (CSMF) provides a real-world picture of security maturity
- Track security progress over time and communicate to senior leadership
- Strategic advisory from information security experts
- Remove reliance on penetration testing
- Build a culture of security into your software engineering practices
- Predict and prevent security issues with threat modeling
- Deliver your software faster
Simplify Software Security
Our team of information security experts act as an extension of your product so your business can continue to innovate rapidly without compromising the safety of your product or the data of your customers. Our security assessments cover the cloud, IoT, embedded systems, API/web applications, and mobile devices.
Cybersecurity Experts Empowering Your Business
Businesses with better cybersecurity will outperform their competitors. We possess engineering and leadership skills that will empower your people and processes with a security mindset.
Carve’s cybersecurity engineering expertise brings around-the-clock support to major software/IoT initiatives in Fortune 500 organizations around the world. Chances are, the Carve team has protected your personal data at some point! Come take a peak behind the scenes and learn how the Carve team came to be.
What Carve Customers Are Saying
At BMW Technology Corporation, we believe that security is a key feature of our mobility solutions. As we have aligned with Carve Systems as our cybersecurity partner, our architects and developers have been positively influenced by the enormous talent that Carve Systems brings to us in this space. Carve helps us identify threats and pitfalls during the design of our products to help prevent vulnerabilities before code is written.
Carve provides us with confidence and peace of mind that our products are secure, and helps us communicate our posture to internal and 3rd party cybersecurity stakeholders. Through working with Carve, our internal security requirements and release dates have been met release after release. It has been a pleasure having them alongside us in our goal of keeping BMW’s products secure.
Asset management is a problem we help many of our customers with. What are an organization's assets, and how accurate and up-to-date is this information? Even with a mature asset management program, organizations want some form of validation of their result. From a...
One of the more common findings we report for Android security reviews is an issue involving hard coded secrets. This blog post will specifically focus on hard coded secrets used for encrypting application data. I'll try to use a bit of light threat modeling and risk...
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
When reverse engineering a binary application, at its lowest practical layer, the reverse engineer is looking at CPU-specific assembly language. In order to fully understand the application, the reverse engineer would need to understand those lower layers, instruction...
A few months ago, I was testing the email functionality on a company's contact us page, when I sent an email to myself containing: <script> alert("Hi, It's almost lunch time") </script> It actually was close to lunch time, so I wrapped up testing and waited for...
If you missed Brad's talk, sign up for his Webinar. You might not know it but right now thousands of athletes are training and competing in virtual worlds. I'm not talking about League of Legends or Fortnite. Those games aren't the only eSports in the world. There are...
In recent years it has become popular to use Content Delivery Networks (CDN) provided by cloud hosting providers. Amazon's CloudFront is an example of a popular CDN. These CDNs can take advantage of HTTP Caching to reduce latency for a global pool of end users. There...