In today’s digital age, cyber security has ascended to become a critical component of corporate strategy. As cyber-attacks can induce substantial losses and disruptions, particularly in the financial sector where data and infrastructure security are paramount, businesses are increasingly investing in sophisticated cyber security solutions. These initiatives are not just protective measures; they are becoming core elements of strategic business planning.
For many years, Solwit has been a steadfast supporter of firms in the realm of cyber security, a commitment that has culminated in receiving the “Cyber security Excellence” award from Tech Behemoths.
Our extensive experience in developing highly regulated projects delivers undeniable value to our clients. We collaborate with companies across various sectors, with a particular affinity for the automotive industry. Our project teams are composed of both domain experts and technology specialists, enabling us to perform effectively and comprehensively. This capability makes us an exceptionally attractive partner for companies that place cyber security at the core of their operations.
Piotr Wierski, Director of Testing and Embedded, Solwit Centre of Competence
One of the European telecommunications companies commissioned us to perform penetration testing on their new router. In collaboration with the client, our Cyber security (CS) team prepared the appropriate test environment and conducted the tests in accordance with industry standards. The router required specialized infrastructure and configuration to execute the tests properly. Our team demonstrated extensive networking, operating systems, encryption, and reverse engineering knowledge, enabling comprehensive testing despite the router’s advanced configuration.
Technologies employed included:
The project entailed conducting penetration tests on selected locomotive subnetworks to verify their resilience against cyber-attacks. Our Cyber security (CS) team deployed specialized tools for simulating hardware attacks and performing reverse engineering on embedded software and Software Development Kits (SDKs). A broad array of security techniques was utilized, including Open Source Intelligence (OSINT), JTAG interface hacking, sniffing and spoofing, fuzzing of the SPI, CAN, and ETH interfaces and the SDK, and reverse engineering of embedded software. Custom scripts in Python and straightforward software in C were developed to expedite the process and extract the necessary data efficiently.
Tools and selected technologies employed:
A Polish software development company sought our support in conducting a security assessment of their cloud-based application for their new web platform. Our Cyber security team worked closely with the client, performing scans and manual testing of the web application in line with Google’s standards. We conducted Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and manual tests, meeting the compliance requirements of Google. This task required the rapid deployment of our team, and the timeframe for completion was extremely short. We thrive on such challenges!
Technologies employed:
A Polish firm, a provider of global security solutions, commissioned us to perform penetration testing for their new web platform. This task necessitated close collaboration with the development team, as the web application was in its final stages of development. The testing process required our Cyber security team’s extensive knowledge of web applications and the various technologies used in their creation. The task extended beyond mere automated scanning of source code and applications; it also included manual testing and code review of selected system components.
Technologies employed:
Our task was to support the cyber security team of a renowned automotive company in developing and conducting cyber security tests for their new platform. Solwit provided an expert with experience in the automotive industry and cyber security testing, filling gaps in the client team’s competencies and offering advisory support. We conducted an analysis of the system’s selected security features, carried out fuzzing tests, and prepared the approach and tools for penetration testing.
Technologies employed:
Standards: ISO 21434:2021 and ISO 24089:2023
Our client is a global leader in providing intelligent lithium-ion-based power systems. Before implementing cyber security management systems and software updates, we conducted a baseline audit. Our cyber security team, composed of three specialists, tailored their expertise to meet the industry’s needs. The cyber security analysis resulted in a comprehensive report summarizing the strengths and weaknesses of the company’s security processes.
Standards:
Unauthorized content modifications were detected in a client’s online store, raising suspicions of a security breach. A rapid analysis was commissioned, along with a root cause analysis (RCA) and an enhancement of security measures. The Cyber security team investigated the web service using external tools. The suspected breach was ruled out, and a particular plugin was identified as the main cause. A report from the penetration tests was provided to the client, and issues of high criticality were resolved within three business days.
Selected technologies:
A waste management service provider requested a security assessment of their new application, which is based on microservices and hosted in a public cloud. Adhering to industry standards, within the agreed budget and timeline, our Cyber security team conducted tests for the web application. Two types of penetration tests were performed: black-box tests for external attack scenarios and gray-box tests for internal ones. The gray-box scans focused on detecting and potentially exploiting vulnerabilities present in open-source libraries, using two different tools for scanning containers and dependencies.
Selected technologies and methodologies:
The client requested a security review of their flagship product in the pre-production phase to evaluate the application before its deployment in a municipal office in Europe. Black-box penetration tests were proposed for the building management system.
Selected technologies and methodologies:
Our client required support from experienced C++ developers with robust skills in computer networking. Leveraging our expertise in both the automotive industry and in cyber security for safety-critical systems, we were tasked with developing a segment of software for detecting incidents that could escalate into dangerous or critical situations. Working at the network layer, we were responsible for developing the initial set of security features in a multi-layered system consisting of numerous sensors.
Technologies: