
Welcome to Casaba Security's website.

We're a software security consulting firm in the Seattle area with a diverse and experienced team of people who have a track record in identifying software security vulnerabilities and finding solutions.

We have a history of providing value through fixed-length security reviews (black box and white box), and also of providing long-term, on-demand security services.

We can help you with your software and computer security goals by custom-tailoring our services to meet your needs:

  • Application Threat Modeling
  • Application security penetration testing and code reviews
  • Binary review, malware analysis and reverse engineering
  • Wireless security, network security and host-level security reviews
  • Security Development Lifecycle (SDL) guidance, design and implementation
  • Privacy regulations and compliance (HIPAA, COPPA, SOX)
  • Unicode- and internationalization-related security vulnerabilities
  • Assisting in hardware and Application Specific Integrated Circuit (ASIC) security design for embedded systems
  • Customized training and remediation solutions
  • Customized tools and development projects

Our mission is clear

Your business is what's important. We want to understand your business goals and apply an approach that makes sense for you. We know how to find the security issues in your software and systems and how to translate them into prioritized action items. Also, we provide clear insight into the strengths and weaknesses resulting from your design choices and implementation.

Our experience runs deep

We've been immersed in the security of state-of-the-art software for many years. Of course, that means operating system software, business systems, Web applications, and even hardware, but to give you some more specific examples, we work with:

  • Social networking applications
  • Filtering technologies such as WAF or other HTML/XSS (cross-site scripting) defenses
  • Software Development Kits and development frameworks
  • Software as a Service (cloud computing, fabric)
  • Multi-tenant applications running in hostile environments
  • Online games and gaming platforms (e.g. fraud, cheating)
  • Messaging products and protocols for instant messaging, email, and VoIP
  • Mobile software services and protocols
  • Various networking protocols
  • Custom ASIC hardware-based cryptography implementations

Our methodology combines technical and workflow experience

We like to interact closely with your business and product teams. Security reviews done in a vacuum can have meager results. Instead of going heads down and disappearing, we want to engage with your business and technical teams to understand your product's business and development goals. By interacting and participating closely with you, we become a virtual part of your team during the important time of a security review. Working closely with you has proven time and again to produce the most valuable results.

Traditional software security reviews have focused on either white box (code only) or black box (zero-knowledge) approaches. While each has its merits, by themselves these two approaches are limited; combined, they are very powerful and can yield much greater results. Security reviews happen in limited timeframes, and to give you the most value in your review we'll recommend a comprehensive source-code-assisted penetration test. This combines knowledge of the source code with a working application to provide a deep and rich security review. However, we understand that sometimes a black box or white box approach by itself is necessary.

Our experience spans a multitude of product types. We have built advanced dynamic runtime analysis tools to automate vulnerability detection in parsers and other software. We've built network vulnerability scanners. We'll happily analyze complex web applications and review your code for .NET Framework security best practices. We look at custom or RFC-specified networking protocols and will build a custom fuzzer or testing harness to identify issues in your new protocol or stack implementation. We understand the granular details of cryptography and can help to make sure you've implemented a design which meets your goals of confidentiality, integrity, and availability. We can even design and build custom security solutions for your business, be it a focused HTML/XSS filtering system or a software analysis test harness.