Develop Secure Connected Products. Fast.

Reduce risk earlier, and ship products faster.

Don't let conventional security solutions slow down your release schedule.

Work with security experts who understand the constraints of product development.

Security Assessment

You have risk managers or other stakeholders who require security testing before you can release your product.

Carve has the expertise to satisfy risk stakeholders and improve your security.
Learn More

Reduce Risk Earlier

You know that you can do more than last minute pen testing, but don't have the expert security resources required.

Carve will embed with your team to comprehensively address security.
Learn more

Our Services

Customized Security Solutions Engineered For Your Business
Assessment Services
Enterprise Services
Continual Risk Assessment
Tue, 03 Apr 2018
Should GNSS be a threat vector in your threat model?

GPS, also referred to as the broader term GNSS, is a fundamental technology for IoT positioning and time estimation. Developers typically regard GPS as a trusted input to the system because the difficulty of manipulating GPS signals is presumed to be too difficult for the casual attacker. Lab testing at Carve shows us that this isn't the case. There are easy software tools for manipulating GPS inputs to find software flaws. Time to rethink the threat model.

READ MORE >
Tue, 27 Feb 2018
JWT, OAuth, and Algorithm Choices

Implementing systems that securely authenticate users and authorize their activities within applications can involve multiple interactions that cross trust boundaries. When applications are written in different languages, live in different environments, but still want to share data with each other what are the options?

  • Don't start rolling your own crypto …
READ MORE >
Fri, 05 Jan 2018
Meltdown and Spectre. Oh My!

There have been a lot of new terms floating around the internet these last few days: Meltdown, Spectre, etc... What does it all mean? In this post, I will explain the high-level pieces, what systems are affected by this, and what you can do to better protect yourself against it.

READ MORE >
Tue, 24 Oct 2017
Android 7 Cellular MiTM

Performing security assessments of complex systems sometimes requires some technical gymnastics to "man-in-the-middle" (MITM) communications between components. MITM techniques are essential for observing and manipulating communications in ways that a developer may not have anticipated. As system defenses improve the task of setting up a MITM environment for a system …

READ MORE >