Carve Systems

Providing Cybersecurity Expertise to Protect Your Products and Your Brand

Security Solutions

What We Do

Security Testing

Proactively find flaws before they are exposed or exploited
Hardware and software “full stack” penetration testing
Custom tooling for regression testing

LEARN MORE

Security Strategy

Carve Systems Maturity Framework (CSMF) provides a real-world picture of security maturity
Track security progress over time and communicate to senior leadership
Strategic advisory from information security experts

Security Engineering

Remove reliance on penetration testing
Build a culture of security into your software engineering practices
Predict and prevent security issues with threat modeling
Deliver your software faster

LEARN MORE

Simplify Software Security

Our team of information security experts act as an extension of your product so your business can continue to innovate rapidly without compromising the safety of your product or the data of your customers. Our security assessments cover the cloud, IoT, embedded systems, API/web applications, and mobile devices.

Our Services

Approach

Cybersecurity Experts Empowering Your Business

Businesses with better cybersecurity will outperform their competitors. We possess engineering and leadership skills that will empower your people and processes with a security mindset.

Carve’s cybersecurity engineering expertise brings around-the-clock support to major software/IoT initiatives in Fortune 500 organizations around the world. Chances are, the Carve team has protected your personal data at some point! Come take a peak behind the scenes and learn how the Carve team came to be.

About Us

TESTIMONIALS

What Carve Customers Are Saying

At BMW Technology Corporation, we believe that security is a key feature of our mobility solutions. As we have aligned with Carve Systems as our cybersecurity partner, our architects and developers have been positively influenced by the enormous talent that Carve Systems brings to us in this space. Carve helps us identify threats and pitfalls during the design of our products to help prevent vulnerabilities before code is written.

Carve provides us with confidence and peace of mind that our products are secure, and helps us communicate our posture to internal and 3rd party cybersecurity stakeholders. Through working with Carve, our internal security requirements and release dates have been met release after release. It has been a pleasure having them alongside us in our goal of keeping BMW’s products secure.

Lorin Michael

Senior Engineering Manager, BMW

Network monitoring with nmap

by John Poch | Nov 4, 2019 | News

Asset management is a problem we help many of our customers with. What are an organization's assets, and how accurate and up-to-date is this information? Even with a mature asset management program, organizations want some form of validation of their result. From a...

Android Hard Coded Secrets

by Danny Rosseau | Aug 30, 2019 | Danny Rosseau, Feature, News

One of the more common findings we report for Android security reviews is an issue involving hard coded secrets. This blog post will specifically focus on hard coded secrets used for encrypting application data. I'll try to use a bit of light threat modeling and risk...

Command Injection with USB Peripherals

by Danny Rosseau | Aug 22, 2019 | Danny Rosseau, Feature, News

When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...

Reverse engineering Go binaries using Radare 2 and Python

by Jonathan Wrightsell | Aug 21, 2019 | Feature, News

When reverse engineering a binary application, at its lowest practical layer, the reverse engineer is looking at CPU-specific assembly language. In order to fully understand the application, the reverse engineer would need to understand those lower layers, instruction...

Abusing WebViews to Steal Files via Email

by Jesson Soto-Ventura | Aug 19, 2019 | Feature, News

A few months ago, I was testing the email functionality on a company's contact us page, when I sent an email to myself containing: <script> alert("Hi, It's almost lunch time") </script> It actually was close to lunch time, so I wrapped up testing and waited for...

Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks

by Brad Dixon | Aug 9, 2019 | Feature, News

If you missed Brad's talk, sign up for his Webinar. You might not know it but right now thousands of athletes are training and competing in virtual worlds. I'm not talking about League of Legends or Fortnite. Those games aren't the only eSports in the world. There are...

Web Cache Session Hijacking

by Meador Inge | Aug 7, 2019 | Feature, News

In recent years it has become popular to use Content Delivery Networks (CDN) provided by cloud hosting providers. Amazon's CloudFront is an example of a popular CDN. These CDNs can take advantage of HTTP Caching to reduce latency for a global pool of end users. There...

Intro To Inzure: New Tool for Azure Deployments

Get In Touch



Office

600 5th Avenue, 2nd Floor, C/O Studio at Rockefeller Center, New York, New York 10020



Email

info@carvesystems.com



Call Us

201-632-3422