Carve Systems

Providing Cybersecurity Expertise to Protect Your Products and Your Brand


Security Solutions

What We Do

Security Testing

  • Proactively find flaws before they are exposed or exploited
  • Hardware and software “full stack” penetration testing
  • Custom tooling for regression testing



Security Strategy

  • Carve Systems Maturity Framework (CSMF) provides a real-world picture of security maturity
  • Track security progress over time and communicate to senior leadership
  • Strategic advisory from information security experts

Security Engineering

  • Remove reliance on penetration testing
  • Build a culture of security into your software engineering practices
  • Predict and prevent security issues with threat modeling
  • Deliver your software faster


Simplify Software Security

Our team of information security experts act as an extension of your product so your business can continue to innovate rapidly without compromising the safety of your product or the data of your customers. Our security assessments cover the cloud, IoT, embedded systems, API/web applications, and mobile devices.

Our Services


Cybersecurity Experts Empowering Your Business

Businesses with better cybersecurity will outperform their competitors. We possess engineering and leadership skills that will empower your people and processes with a security mindset.  

Carve’s cybersecurity engineering expertise brings around-the-clock support to major software/IoT initiatives in Fortune 500 organizations around the world. Chances are, the Carve team has protected your personal data at some point! Come take a peak behind the scenes and learn how the Carve team came to be.


What Carve Customers Are Saying

At BMW Technology Corporation, we believe that security is a key feature of our mobility solutions. As we have aligned with Carve Systems as our cybersecurity partner, our architects and developers have been positively influenced by the enormous talent that Carve Systems brings to us in this space. Carve helps us identify threats and pitfalls during the design of our products to help prevent vulnerabilities before code is written.

Carve provides us with confidence and peace of mind that our products are secure, and helps us communicate our posture to internal and 3rd party cybersecurity stakeholders. Through working with Carve, our internal security requirements and release dates have been met release after release. It has been a pleasure having them alongside us in our goal of keeping BMW’s products secure.

Lorin Michael

Senior Engineering Manager, BMW

Network monitoring with nmap

Asset management is a problem we help many of our customers with. What are an organization's assets, and how accurate and up-to-date is this information? Even with a mature asset management program, organizations want some form of validation of their result. From a...

Android Hard Coded Secrets

One of the more common findings we report for Android security reviews is an issue involving hard coded secrets. This blog post will specifically focus on hard coded secrets used for encrypting application data. I'll try to use a bit of light threat modeling and risk...

Abusing WebViews to Steal Files via Email

A few months ago, I was testing the email functionality on a company's contact us page, when I sent an email to myself containing: <script> alert("Hi, It's almost lunch time") </script> It actually was close to lunch time, so I wrapped up testing and waited for...

Web Cache Session Hijacking

In recent years it has become popular to use Content Delivery Networks (CDN) provided by cloud hosting providers. Amazon's CloudFront is an example of a popular CDN. These CDNs can take advantage of HTTP Caching to reduce latency for a global pool of end users. There...

Get In Touch