Our Services

Security Assessment Services

Whitebox Penetration Testing

In-depth whitebox penetration testing services identify design and implementation security weaknesses, and provide best practice guidance.

  • Low-level applications and systems
  • Modern web applications and frameworks
  • Mobile applications
Threat Assessments

Tailored threat assessment services investigate and analyse technical threats, and advise on pragmatic countermeasures.

  • Organisational or specific projects
  • Third-party and supply chain vendors
  • VIP and high-profile teams
Security Assurance Reviews

High-quality security testing services provide effective security assurance for a variety of networks and hardware devices.

  • Internet perimeter and internal networks
  • Cloud and virtualisation environments
  • Embedded devices

Trusted Advisor Services

Independent Specialist

With world-class security expertise, our consultants work with your organisation on special projects to make sure security is built into each initiative.

An elttam Partner will work closely with you and leverage the full capabilities of the elttam team to ensure a successful project.

Capability Uplift

Independent security expertise expands the capability of your information security program, from strategy through to delivery.

  • Secure Software Development Lifecycle
  • Threat and Vulnerability Management
  • Incident Response and Deceptive Defense
SME Augmentation

A dedicated security specialist collaborates with your team, providing elastic security resources to meet your requirements.

  • Agile Application Security Support
  • On-demand Virtual Security Consultant

Secure Application Growth & Enablement Program

The Secure Application Growth & Enablement (SAGE) training program has been specifically designed to uplift the security culture and awareness of your organisation. SAGE aims to improve your organisations ability to efficiently and effectively maintain a secure software development lifecycle, as well as build a sustainable application security program that scales with your existing resources.


Case Studies

Capability Uplift: Secure SDLC

elttam were engaged to develop a strategic, secure Software Development Lifecycle (SDLC) for a large global digital organisation. The organisation has hundreds of developers both onshore and offshore who create a range of software from common web applications through to low-level firmware code. The scope of elttam's work was to review the circumstances of all software development and recommend how to strategically incorporate security during software development and minimise application security risks.

elttam identified a number of key findings that significantly impacted existing application security and highlighted the urgent need to develop a strategic SDLC. elttam provided an in-depth analysis of the circumstances and root-cause of each finding, a secure SDLC maturity roadmap, and recommendations to address each finding. Ultimately, elttam helped the organization put in place a progressive application security function.

Since the engagement, the client has built a new specialised team. The organisation has had a significant cultural shift for managing security risks.

theme/img12-270af27d68592140261b9c8ce7af3d97bffcab2bcb20d5851bc790259c8fecc2.png
theme/WAG54G-5-270af27d68592140261b9c8ce7af3d97bffcab2bcb20d5851bc790259c8fecc2.png

Security Assurance Review: Secure Connectivity

elttam were engaged to review a secure connectivity hardware solution to be used by important individuals who travel frequently. The scope of this work was to complete an independent security review of the solution, and to identify and report on technical weaknesses.

elttam assessed the security guarantees of the device, using hardware hacking and reverse engineering to survey its physical and logical attack vectors. The final deliverable was an assessment report, which consisted of a clear executive summary, in-depth attack scenario analysis, and writeups (including supporting code and reproduction instructions) for vulnerabilities identified in both hardware and software. A few of these findings were extreme or high risk.

Since this engagement, we are happy that the client has returned to us for subsequent hardware device hacking projects.

Interested in talking?

Contact Us