Hardware Penetration Testing Methodology

A step-by-step look at how Bishop Fox tests connected devices — from threat modeling to exploit validation.

Hardware products carry risk across firmware, embedded software, and the protocols connecting them. This methodology breaks down how Bishop Fox's hardware penetration testers assess that risk by combining automated scanning, manual exploitation, and source-code and firmware analysis to surface vulnerabilities other assessments miss.

Download the methodology to see:

  • How Bishop Fox builds a threat model and attack plan before testing starts
  • What's covered in manual testing: firmware security, encryption analysis, protocol enumeration, side-channel leakage, and more
  • How findings are scored for likelihood, impact, and severity using OWASP and CVSS standards
  • What's required from your team at each phase, so you know what to prepare

Each test begins by modeling practical and theoretical threats against the system, taking into account product-specific factors such as the operating environment, users, and the sensitivity of the data processed. The methodology outlined in this document provides a detailed look at the step-by-step process and the delineation of responsibilities that are critical to accomplishing predetermined objectives.