Develop Secure Connected Products. Fast.

Reduce risk earlier, and ship products faster.

Don't let conventional security solutions slow down your release schedule.

Work with security experts who understand the constraints of product development.

Security Assessment

You have risk managers or other stakeholders who require security testing before you can release your product.

Carve has the expertise to satisfy risk stakeholders and improve your security.
Learn More

Reduce Risk Earlier

You know that you can do more than last minute pen testing, but don't have the expert security resources required.

Carve will embed with your team to comprehensively address security.
Learn more

Our Services

Customized Security Solutions Engineered For Your Business
Assessment Services
Enterprise Services
Continual Risk Assessment
May 18, 2018
Why Do I Write Vulnerable Code?

You're a software engineer or architect. Imagine your product was the victim of a data breach and received lots of press. After the smoke clears, is your team asking and answering this fundamental question?

READ MORE >
May 10, 2018
Digital Security Strategy: Part 1

At Carve we are fortunate to have clients that span across many industries, company sizes, and technology maturity levels. This series of blog posts will discuss an increasingly common theme across our customer base, called "Digital Strategy" or "Digital Transformation", and how this affects an organization's security.

READ MORE >
April 27, 2018
Manipulating APIs for Security Test Automation

REST API security assessments were driving me crazy. I decided to write a tool to help.

READ MORE >
April 3, 2018
Should GNSS be a threat vector in your threat model?

GPS, also referred to as the broader term GNSS, is a fundamental technology for IoT positioning and time estimation. Developers typically regard GPS as a trusted input to the system because the difficulty of manipulating GPS signals is presumed to be too difficult for the casual attacker. Lab testing at Carve shows us that this isn't the case. There are easy software tools for manipulating GPS inputs to find software flaws. Time to rethink the threat model.

READ MORE >