Securing Applications in a Hostile Environment
About Us
Furana is a privately held company that specializes in providing application security related services such as secure application architecture and design, developer security awareness training, application vulnerability assessments and source code reviews. In addition, Furana provides computer related forensic services, including malware reverse engineering.
Fourier Analysis deals with trigonometric functions that are periodic in nature: the same values are repeated over and over again. The name Furana is derived from "Fourier Analysis" based on the realization that most security errors are repeated time and again by each new generation of developers.
What We Do
Secure Application Architecture and DesignSecurity problems become more expensive to remedy when they are discovered later in the development process. Therefore avoiding security issues by taking security aspects into account during the design phase prevents costly fixes later on. Security Awareness TrainingMaking developers aware of security related issues can prevent them from making mistakes that lead to security vulnerabilities. In a typical project, not every developer needs to be a security expert. The goal of developer security awareness training is that they are able to recognize when they are dealing with security sensitive items and then seek advice from more knowledgable colleagues, if necessary. In our experience, example based training is most effective and we provide training material that is custom tailored to the customer specific situation. Application Vulnerability AssessmentsWe can provide tailor made application vulnerability assessments, going from fully automatic scans to complete manual reviews. Automated tools tend to produce many false positives and are useful for finding only a small number of common problems ("low hanging fruit") More elaborate, manual, probing is required for finding higher level types of problems, such as application logic errors. |
Source Code ReviewsWhile application vulnerability assessments can be useful for quickly finding some common problems, other categories of security problems can only be found with an analysis of the application source code. Typical examples of problems that can be found more quickly by reading the code include weak implementations of cryptography, time bombs and malicious backdoors. Forensic AnalysisWhen a security incident has been detected, part of the remediation can be a forensic analysis of the compromised systems. We provide services for forensic analysis of suspect computer systems. Malware Reverse EngineeringSometimes unknown programs are detected as part of a forensic investigation. We provide services for reverse engineering unknown programs so that their working and intended purpose can be discovered. |
Contact Us
You can contact us by email