Product Testing

Product Testing

Reduce time in testing, minimize costs, and eliminate risks associated with product security testing. Corsec’s methodology, patented systems, infrastructure, and certification expertise helps you avoid internal resource constraints, delays, and financial losses often associated with leveraging internal staff and lab support.

Algorithm Testing for FIPS 140-2


Avoid costly and time consuming errors associated with CAVP algorithm testing:

  • Vector File and Test Parameter Implementation
  • SHIM Fabrication and Development
  • Entropy and Cryptographic Coding
  • Algorithm Development, Testing, and Implementation
  • SAR Generation

Corsec streamlines algorithm testing with the deployment of our patented Ultima™ solution, which includes:

  • Automated importation of lab-provided vector files and parsing of all test parameters
  • Test parameters correctly formatted for the form specified by the vendor’s implementation
  • Preparation of data objects and performance of test-specific initialization
  • Remote networked communications with the modules tested
  • Execution of the algorithm as specified by the implementation
  • Results from the implementation
  • Resulting data formatted per lab requirements
  • Results written in preferred format for validation

Test Case Development for Common Criteria

Offload the creation of Common Criteria-approved test cases and avoid lengthy tie-ups that over-tax engineering teams:

Common Criteria requires you to prove claims in your evaluation through a set of well-written, detailed test cases that provide in-depth coverage of all security-centric functionality. You must produce test plans for the evaluation lab, including a detailed description of the test environment and any installation and configuration prerequisites. These plans must correspond to the evaluation design documentation and provide adequate coverage of each of the defined user interfaces.

Corsec’s engineers develop and execute Common Criteria test cases on your behalf, alleviating your team of the burden to:

  • Develop well-written, detailed, and unambiguous test plans
  • Ensure 100% coverage of the product’s security centric functionality
  • Prepare and deliver testing artifacts (screenshots, log files, etc.)
  • Verify procedures and evaluation design

STIG Authoring & Testing for the DoDIN APL

Author, Maintain, and Test Against STIGs for Your Product:

The Defense Information Systems Agency (DISA) establishes configuration standards for products intended to be implemented on the Department of Defense (DoD) network. These standards are captured in a Security Technical Implementation Guide (STIG).

The DoD currently supports dozens of STIGs, each one pertinent to a specific product category. In order to achieve listing on the DoDIN APL, your product must adhere to the STIGs relevant to its product type, which DISA will dictate. Each STIG that is imposed on a product requires significant investment in time, resources, product changes, and enhancements – in addition to the detailed effort spent proving adherence.

Corsec’s knowledge and experience ensures only productive testing activities through:

  • STIG Advocacy and Arguments
  • Information Assurance (IA) Lab Tools
  • Product Release Planning
  • Staged STIG Testing
  • STIG Authoring
  • STIG Maintenance
  • Sponsor Coordination
  • DoD Expertise