UL knows that cybersecurity needs to be approached holistically. One bit of bad coding or a single user error can leave a seemingly secure system or product vulnerable to attack. The proliferation of web and mobile applications has opened up many new attack vectors.
Taking the Secure Software Development Lifecycle as the point of departure, and with agile development as today’s norm, UL is a strong proponent of integrating testing in the design and development process.
UL combines accredited with non-accredited, customized, testing to help our customers improve the security of software in their embedded systems and web- and mobile applications.
UL Cybersecurity Assurance Program (UL 2900)
Attackers regularly use a compromised system or product to gain unauthorized access. Unless an organization is capable of reviewing every line of code in every system or product, it is a challenge to feel confident about the security of your systems and products, and entire Internet of Things ecosystem.
UL’s Cybersecurity Assurance Program (CAP) brings peace of mind. CAP certification verifies that a network-connectable product or system offers a reasonable level of protection against threats that may result in unintended or unauthorized access, change or disruption.
A UL CAP assessment is based on the requirements of the UL 2900 Standard. UL 2900-1 and the subparts of UL 2900-2 contain product or system requirements. The UL 2900-3 standard contains the general requirements for product or system development and maintenance security processes.
A code review enables a deep insight into the software vulnerabilities and weaknesses, and the best identification and exposure of risks. UL’s code review helps to identify and classify risks, through both system and threat understanding, and a risk-based code inspection.
Web Application Testing
Digitalization is on the rise, and more and more applications are used to store and transfer digital data. Yet, security of applications is by and large insufficient: over half of security breaches are caused by security defects in web applications. UL offers web application security testing to mitigate security risks.
Mobile App Testing
Use of mobile devices has grown significantly in recent years. Employees are offered bring your own device (BYOD) flexibility. Businesses are exposed to all types of risks, as hackers gain many entry points into networks and systems. UL effectively addresses this through mobile application security testing.