Our Services

Security Assessment Services

Whitebox Penetration Testing

In-depth whitebox penetration testing services that identify design and implementation security weaknesses, and provide best practice guidance.

  • Low-level applications and systems
  • Modern web applications and frameworks
  • Enterprise applications
  • Bespoke applications and technologies
Purple Team Testing

Scenario-driven red-team security testing complimented by blue-team review services that provide a realistic view of current security controls and procedures.

  • Simulated scenarios that reflect real-world attacks and techniques
  • Technical red-team testing of scenarios (physical and logical)
  • Collaborative analysis and prioritised counter-measure guidance
Embedded Device Assessment

Technical embedded device security services that assess physical and software security controls.

  • Financial, including Point of Sale (PoS) and Automatic Teller Machines (ATM)
  • Electronic security, identity, and biometric
  • Network appliance and Internet of Things (IoT) devices

Trusted Advisor Services

Threat Assessments

Tailored threat assessment services that investigate and analyse technical threats, and advise on pragmatic countermeasures.

  • Organisational or specific projects
  • Third-party and supply chain vendors
  • VIP and high-profile teams
Capability Uplift

Independent security expertise that expands the capability of your information security program, from strategy through to delivery.

  • Secure Software Development Lifecycle
  • Threat and Vulnerability Management
  • Incident Response and Deceptive Defense
Secure Application Growth & Enablement Program (SAGE)

Training services that uplift organisational security culture and awareness, and improve the ability to efficiently and effectively maintain a secure development lifecycle.

  • Practical threat modelling
  • Penetration testing fundamentals
  • Secure programming

Case Studies

Capability Uplift: Secure SDLC

elttam were engaged to develop a strategic, secure Software Development Lifecycle (SDLC) for a large global digital organisation. The organisation has hundreds of developers both onshore and offshore who create a range of software from common web applications through to low-level firmware code. The scope of elttam's work was to review the circumstances of all software development and recommend how to strategically incorporate security during software development and minimise application security risks.

elttam identified a number of key findings that significantly impacted existing application security and highlighted the urgent need to develop a strategic SDLC. elttam provided an in-depth analysis of the circumstances and root-cause of each finding, a secure SDLC maturity roadmap, and recommendations to address each finding. Ultimately, elttam helped the organization put in place a progressive application security function.

Since the engagement, the client has built a new specialised team. The organisation has had a significant cultural shift for managing security risks.

theme/img12-270af27d68592140261b9c8ce7af3d97bffcab2bcb20d5851bc790259c8fecc2.png
theme/WAG54G-5-270af27d68592140261b9c8ce7af3d97bffcab2bcb20d5851bc790259c8fecc2.png

Security Assurance Review: Secure Connectivity

elttam were engaged to review a secure connectivity hardware solution to be used by important individuals who travel frequently. The scope of this work was to complete an independent security review of the solution, and to identify and report on technical weaknesses.

elttam assessed the security guarantees of the device, using hardware hacking and reverse engineering to survey its physical and logical attack vectors. The final deliverable was an assessment report, which consisted of a clear executive summary, in-depth attack scenario analysis, and writeups (including supporting code and reproduction instructions) for vulnerabilities identified in both hardware and software. A few of these findings were extreme or high risk.

Since this engagement, we are happy that the client has returned to us for subsequent hardware device hacking projects.

Interested in talking?

Contact Us