Services We Offer

What we don't do

HexView is an Information Security consulting company, but we are not yet another penetration testing outfit. Our approach is completely different. Security consulting companies typically employ a very simple business model: they manage a fleet of engineers who conduct very simple, discreet tasks, like scanning, war driving, policy development, or malware mitigation. Many of these tasks are time consuming, and in addition to that, a considerable amount of time is required to organize collected data and compile reports suitable for both engineering and executive auditories. We at Hexview believe, and our experience proves it, that this approach is neither a good use for our time nor a wise investment for your money.

What we really do

HexView is dedicated to providing unmatched and outstanding services. If you are looking to improve your security posture, we can help you balance your threats and risks with costs and benefits. We will advise you on which direction to choose, taking into consideration all factors and constraints, like budget limits, staffing levels, applicable regulations, compliance requirements and partner/customer expectations. If your goal is to pass an audit with minimal damage, we will prepare you for it. If you are building a new application or device, we can help you ensure security is embedded into it. If you need to assess the state of information security in your environment and strategically deploy a set of security controls, we can accomplish it with no excessive scanning, long engagements, or expensive sub-contractors.

Our typical projects:

  • Security assessments of various scopes and depths (may include network, systems, wireless, perimeter, penetration testing, configuration reviews, etc.)
  • Risk management (risk identification/prioritization, mitigation plans)
  • Security architecture (software and infrastructure projects, security tools and controls implementation, event logging and monitoring)
  • Managed security services (DMZ, firewalls, IDS, application security)
  • Application security (from simple assessments to architectural reviews and SDLC development). We have exceptionally talented people on board, and we are known for being able to find problems in applications that underwent multiple reviews.
  • Reverse engineering -- Windows/Unix/Linux and portable platforms, x86, RISC, ARM, and other commonly processors/microcontrollers. Again, we have a history of success with cases where others gave up.
  • Hardware security -- firmware recovery, functional analysis, reverse engineering (excluding PCB). Appliance security assessments.
  • High-end e-Discovery -- we will not sit for hours in front of EnCase digging for data, but we can help you, for example, collect and re-assemble data from network captures in a way that will be presentable in a court of law.