Many organisations develop software.

Only a few of them manage to do so securely and avoid weak spots. Secure software development starts as early as the design phase: if certain security elements are already missing during development, the probability increases that the software systems or products will be delivered with security-critical weak spots that create risks for both the manufacturer and the system operator.

Limes Security has many years of experience in introducing and improving security at software development organisations.

We help development companies and manufacturers with the following expert services:

  • We test your software systems for security-critical weak spots and help trace and remedy the causes.
  • We analyse your software development processes and expand them so that important security steps become part of the processes.
  • We train your staff in secure coding to prevent weaknesses in the long term as well, especially at the design and code level, and thereby avoid future security risks.

Our security testing methods identify your weak spots and illustrate critical areas.

Benefit from our targeted security tests and use them to close gaps and points of attack before the product is delivered to the customer.

Your Limes Security consultants have extensive experience in testing the security of diverse systems, whether simple or complex. We have analysed products for weaknesses and risks in industries such as

  • e-commerce,
  • industrial automation,
  • energy and building automation,
  • transport,
  • healthcare.

In the process, proven testing methods and the continuous advanced training and certification of our testers ensure high-quality security testing that also takes the latest attack methods into account. The following methods and tools are used, among others:

  • OWASP Top 10,
  • CWE/SANS Top 25,
  • Nessus Vulnerability Scanner,
  • Kali Linux,
  • Burp Suite,
  • and many more.

On request, the tests can be conducted as black box tests or in the form of code reviews.

You are welcome to look over our shoulder and, in doing so, learn for yourself how to conduct security tests in your projects.

You can rely on the expertise of the Limes Security experts for discovering critical weak spots.

We integrate security into your software development organisation and make your products secure for the long term.

Anyone who does not want to leave security, and thus the quality of their products, to chance must choose a proactive approach. High-quality products that meet market needs can only be created by integrating security into the development processes and by an organisation that knows how to handle the issue professionally.

Limes Security provides competent support for you in the following areas:

  • Analysis of the status quo at your organisation regarding secure software development
  • Support in structuring a programme for secure software development
  • Integration of adequate security activities in your development processes (development of a so-called Secure Development Lifecycle (SDL))
  • Setup of a vulnerability handling team (PSIRT) for ensuring professional vulnerability management

Depending on your objectives, suitable methods are chosen and matching methods are developed specifically for your development organisation.

We build upon the “Security by Design with CMMI-DEV v1.3” process model, which was co-developed to a significant extent by Limes Security founder Peter Panholzer and published by the CMMI Institute. At the same time, additional methods such as Microsoft SDL, BSIMM or OpenSAMM are also used.

Security know-how conveyed through a practical approach

How can security weaknesses be avoided from the outset? Only through appropriate training that improves the security know-how of developers and project members. We teach the “dos and don’ts” in theory and in practical exercises. Directly after the training, participants come away with security ideas that they put into practice in their own projects.

We convey security know-how on the following topics in our on-site training:

  • Java Security: Secure Coding for Java
  • C# Security: Secure Coding for C#
  • Web Application Security: Developing Secure Web Applications
  • Security Testing: Analysis of weak spots for software developers

We will also be happy to work with you to put together a custom-made curriculum for your company.

As white-hat hackers and active members of the security community, we at Limes Security understand precisely what hackers do and how to protect against their attacks. Our training conveys this knowledge and has been optimised to create awareness among implementers and decision-makers through workshops in a didactically appealing format, and to pass on to them the current knowledge required for developing secure products.

Professional handling of product security vulnerabilities.

When it comes to security vulnerabilities in one’s own products, professional and appropriate handling very often decides whether a potential issue becomes a problem or even a PR disaster for the company. If a security researcher wants to report a product vulnerability, the right place for security reports would be a Product Security Incident Response Team, PSIRT for short.

The main function of a PSIRT is to act as a qualified body for reporting security vulnerabilities in products, solutions and services of the respective company and to ensure their proper handling.

Originally, Product Security Incident Response Teams were mainly founded by larger Internet, network infrastructure and software vendors; the first departments of this kind were created at Cisco, Adobe and Microsoft, for instance. Now that security research is also focusing on industrial systems, industrial vendors are increasingly being forced to professionalise their vulnerability management efforts, as they have to deal with the multitude of vulnerabilities announced by researchers and hackers.

Limes Security is able to provide customers with this particular expertise and advice on building and deploying PSIRTs, which is unique in the market. Thomas Brandstetter, founder of Limes Security, was also founder and first head of the Siemens Product Cyber Emergency Readiness Team in 2011. Limes Security has coached and supported numerous multinational companies in Europe and Asia with its expert know-how on PSIRTs.

Limes offers the following PSIRT services to industrial manufacturers in particular:

  • Advice on setting up and establishing Product Security Incident Response Teams
  • Development of templates for typical PSIRT processes
  • Evaluation, coaching and improvement of existing PSIRT teams
  • Fire Drill exercises for Product Security Incident Response Teams