Web Application Firewalls
In annual WAF testing, ICSA Labs attempts to defeat or circumvent the WAF product's security policy. Attacks used in testing include buffer overflow, cross site scripting (XSS), cross site request forgery (CSRF), improper input validation and other OWASP Top 10 web application threats.
Custom Testing
Custom testing services offer customized, 3rd party, expert evaluation and certification testing services designed to meet the specific needs of vendors and corporations.
Anti-Malware
As malware increases and evolves, third-party testing by ICSA Labs is increasingly important. That's why ICSA Labs performs monthly testing of endpoint and network-based anti-malware products.
Firewalls
In firewall testing ICSA Labs annually tests that the network firewall is stateful and can enforce a security policy. We also test that the firewall itself can withstand attacks, including DoS attacks.
Network IPS
We annually test intrusion prevention systems (IPS) to see how well they protect against client and server-side attacks aimed at high severity vulnerabilities in enterprise software and how well the product protects against evasion techniques.
ONC Health IT
ICSA Labs is authorized by the US Federal Government, as an accredited test lab and Office of the National Coordinator Authorized Certification Body (ONC-ACB), to test and certify Health Information Technology products that support Meaningful Use.
Secure SD-WAN
In this annual testing program we test your SD-WAN solution’s support for multiple WAN paths, dynamic path selection and auto-provisioning of edge devices. We also test that it is invulnerable to attack and provides its SD-WAN features securely.
Network Attached Peripherals
NAPS will verify that a network attached peripheral will not introduce vulnerabilities to the network where it is installed, and is not vulnerable to exploitation itself, while still providing its intended services to users.
IoT Security & Privacy
Depending on the kind of IoT device/sensor, ICSA Labs first chooses a suitable set of testing elements from its "IoT Security Testing Framework." The labs then tests to determine if the IoT device/sensor includes adequate security for its intended application and environment.
SSL-TLS VPN
In annual SSL-TLS VPN testing of products providing secure remote access to corporate resources, ICSA Labs tests that the different operation modes work properly, including a web-based Reverse Web Proxy and a Layer 3 VPN tunnel. Proper implementation of TLS, management/validation of certificates, enforcement of auth policies, and session control and cleanup are also examined.
IPSec VPN
ICSA Labs annually tests that VPN products interoperate with others in accordance with the IKEv2 and IPsec standards. For VPNs that support certificate-based signatures, ICSA Labs tests certificate installation & validation. Testing also verifies that cryptographic algorithms are properly implemented and that products are resistant to known IPsec VPN attacks.
Authorized Test Lab (ATL)
ICSA Labs is NVLAP-accredited as an ONC-Authorized Health IT Testing Laboratory for the US Department of Health and Human Services.Authorized Certification Body (ACB)
ICSA Labs is certified by ANSI as an Authorized Certification Body (ACB) for the Office of the National Coordinator (ONC) within the US Government's Department of Health and Human Services.Advanced Threat Defense - Email
Every quarter, ICSA Labs tests email security solutions that are designed to protect enterprises from new & little-known malicious threats in email.
