Initial consultations with the client made clear that an external design review was needed. The client made this decision to ensure that development would not commence until security concerns had been addressed beforehand - preventing vulnerabilities before they are introduced (an approach often described as DevSecOps).
The client's primary concern was that the complexity of the proposed design might lead to inadvertent weaknesses which, once implemented, would be far more difficult to overcome than they are at the design stage. The heavy use of cryptography throughout the product meant it was the critical focus of the offensive engagement.
As the product was in the pre-development stage, with no active codebase, identifying any security-related flaws in its design documentation was the first logical step.
The client provided Secure Impact with their latest design documentation - detailing system components, cryptographic processes and architectural diagrams of the product to be reviewed.
The primary areas of concern surrounded the creation, storage and handling of cryptographic key material. However, other factors also had to be considered, such as data handling, access control and systemic design weaknesses in the product's architecture.
A significant portion of the engagement relied upon consistent discussions with the development team. These conversations took place throughout the engagement, allowing our testers to raise concerns and points of interest early in the process and facilitating back-and-forth discussion. Doing so reduced the likelihood of ambiguities or false assumptions about the product during the security review. Following these discussions, we were able to apply further context to the documentation, improving the overall results of the engagement.
Once the documentation had been analysed, and following multiple discussions with the client, the offensive team identified a number of key suggestions to improve the security of the design. SI identified several areas where the design could be simplified, reducing the available attack surface and increasing the robustness of the system, and pinpointed places where the design did not meet the client's stated design principles. SI also discussed single points of failure (SPOF) identified in the design and worked with the client to ensure the risks around these had been fully appreciated.
The client was extremely pleased with the result of the engagement and requested that the team be involved in penetration testing the product once it has completed its first development stage.
All findings were remediated quickly and efficiently, immediately reducing the risk to the client. This has allowed them to significantly decrease the product's attack surface and the risk inherent in its design.