Centrifuge IoT Security Platform VS. VERACODE and Other Static Code Analysis Tools

The Centrifuge IoT Security Platform (CSP), built by former US intelligence offensive cyber operators at Tactical Network Solutions, automatically reverse engineers compiled firmware images to pinpoint security vulnerabilities and holes. It works by extracting the complete root filesystems within firmware images, deconstructing each file down to the byte code level and generating detailed reports revealing vulnerable function calls.

How does CSP compare to VERACODE and other static code analysis tools?

- CSP does not need or require access to source code
- It's able to reveal private and public crypto keys
- It can identify zero-day vulnerabilities
- It leverages both static and dynamic analyses
- It points to exact binaries, and the function calls within those binaries, which could be exploitable

Conversely, according to OWASP, “Source code analysis tools, also referred to as Static Application Security Testing (SAST) Tools, are designed to analyze source code and/or compiled versions of code [not compiled firmware images] to help find security flaws. Ideally, such tools would automatically find security flaws with such a high degree of confidence that what’s found is indeed a flaw. However, this is beyond the state of the art for many types of application security flaws.”

With Centrifuge’s ability to find zero-day vulnerabilities, its performance remains at the bleeding edge.

How do companies and organizations use Centrifuge?

Companies use CSP firmware evaluations to quickly identify vulnerabilities that are introduced by insecure coding practices, by linking to flawed open source libraries or by the compilation process itself. Further, CSP protects manufacturers who use vendor-provided firmware images in their products without knowing whether those images are free from vulnerabilities that could – once integrated into the final product – put them at risk for attack and embarrassment.

CSP firmware evaluations can also save significant time and money for governments, intelligence agencies, militaries and their contractors, allowing them to start from higher ground when looking for vulnerabilities in a target’s firmware.

The Centrifuge IoT Security Platform is the clear roadmap to vulnerability discovery just before production and the final step in the embedded firmware development life cycle.

Are you interested in a personal tour of CSP? Request a demo here.

About Tactical Network Solutions
Are you concerned about risky, vulnerable embedded firmware in IoT devices, connected medical devices, automotive ECUs and industrial control systems? You're not alone. Since 2007, Fortune 500 companies and governments around the world have sought out Tactical Network Solutions for reverse engineering training programs, firmware evaluations, and cyber risk mitigation strategies. Clients are excited to leverage our automated firmware evaluations and consulting performed with the proprietary Centrifuge IoT Security Platform. The evals are completed with NO access to source code on compiled images containing a Linux-based root filesystem compiled for either MIPS, ARM, or X86. We also support QNX (a real-time operating system) and Docker containers. TNS evaluations have revealed thousands of hidden attack vectors including erroneously placed private crypto keys, insecure binaries with highly vulnerable function calls and other rampant security holes on embedded firmware. Our community of clients includes firmware developers, underwriters, law firms, governments and intelligence agencies worldwide who share a common goal: to discover hidden attack vectors in IoT and connected devices.