At EWA, we are proud to be on the cutting edge of solutions in today’s world. Scroll through this page to browse a sampling of our areas of technical expertise, or simply click the area of interest below.

802.11 Software Library

Application Security Assessment

Common Criteria Product Evaluation

Cryptographic Algorithm Validation

DSP Software Library

Electronic Warfare

Engineering

Eurocard, MasterCard, Visa (EMV)

FIPS 140-2 Services

FIPS 201 - Personal Identity Verification (PIV)

Identity Management Support

IDS/IPS Installation & Monitoring

Information Operations Red Team Training and Support

Interac® Device Certification Testing

ITS Design and Engineering

Operational Concept Definition

PCI/PTS Device Testing

Penetration Testing

PKI Certificate Authority

Policy Monitoring Enforcement

Program Management & Planning

Radar Design and Development

Radars and Radar Systems

Range Instrumentation

SCAP Testing

Semantic Technologies

Software Design and Development

Special Operations

Telephony Security

Test and Evaluation

Threat Risk Assessment

Training Systems Technologies

Ultra Violet and Infrared Development and Detection

Voice Over IP (VOIP) Security

Wireless Applications

802.11 Software Library

EWA's 802.11 Software Library allows us to create software applications that exploit all aspects of the 802.11 a,b,g, & n protocols.

To request more information, click here.

Application Security Assessment

EWA methodology for application security testing is based upon the Open Web Application Security Projects (OWASP) standards for designing secure applications, as well as their standards for testing and penetrating application security.

EWA has extensive experience assessing multi-tiered applications implemented using a variety of frameworks and technologies, and our web application security testing methodology can identify over 40 types of potential application vulnerabilities in the following 12 different categories.

denial of service;
access control;
session management;
configuration management;
error handling;
data protection;
input validation common;
input validation cross site scripting;
input validation sql injection;
input validation os command injection; and
input validation ldap injection.

Click here for more information from the corresponding EWA operating unit's website.

Common Criteria Product Evaluation

The Common Criteria for IT Security Evaluation is an international standard designed to specify and measure IT security. The Common Criteria process can be a lengthy and complex endeavor. Selecting an experienced, accredited testing facility can play a key role in ensuring a successful, cost-effective evaluation. The EWA IT Security Evaluation & Test Facility (ITSET) provides a full complement of capabilities that support all facets of the CC process. EWA provides:

CC Pre-Evaluation Consulting,
CC Product Evaluation,
CC Evaluation Support, and
CC Assurance Continuity.

Click here for more information from the corresponding EWA operating unit's website.

Computer Based Training

EWA prepares new course material by updating and enhancing current training courses for operators and management and uses a rigorous peer-review and quality control process in developing the training packages. We address skills ranging from those necessary to set-up and tear-down the equipment, to activate, check, operate and shutdown in different modes. We also provide separate training for operator maintenance, a demonstration of the basic equipment safety skills, and a separate and complete instruction package for the Train-the-Trainer Team.

Cryptographic Algorithm Validation

Cryptographic algorithm validation is a prerequisite of FIPS 140-2 validations under the Cryptographic Module Validation Program (CMVP), as each approved algorithm implemented in a module must be validated as meeting the requirements of the applicable FIPS, NIST or ANSI standard.

As an NVLAP accredited facility, EWA-Canada’s ITSET lab can perform testing of vendor algorithm implementations in accordance with the Cryptographic Algorithm Validation Program (CAVP) either as a separate endeavor or concurrently as part of an overall FIPS 140-2 validation effort. EWA-Canada performs verification of:

Symmetric Algorithms,
Asymmetric Algorithms,
Hashing Algorithms,
Random Number Generator (RNG) Algorithms, and
Message Authentication Algorithms.

The EWA-Canada IT Security Evaluation & Test Facility can perform the testing of the algorithm implementations or refer you to a FIPS 140-2 support specialist to perform the testing.

Click here for more information from the corresponding EWA operating unit's website.

Data Security - Parsing Technology

EWA has applied Parsing Technology to both data-at-rest and to data-in-motion to provide a comprehensive solution to the multi-level security problem of segregating data at different security levels.  We have used this technology to implement solutions which satisfy both data security and redundancy requirements.  At EWA, we have extensive experience tailoring this technology to meet the specific needs of our diverse clients. 

DSP Software Library

EWA's DSP Software Library allows us to create applications that exploit the Texas Instruments family of DSP devices.

To request more information, click here.

Electronic Warfare

EWA has assembled an outstanding staff of electronic warfare (EW) experts. We support every facet of EW, from teaching fundamental concepts to building advanced counter-measures systems. Our proficiencies include in-depth EW engineering, testing, training, and support.

Click here for more information from the corresponding EWA operating unit's website.

Engineering

Ingenuity, an entrepreneurial spirit, and engineering expertise form the backbone of EWA and extend into all capabilities throughout the company. We foster a continually growing team of seasoned experts and new talent who share the same passion for solving problems and developing innovative solutions.

Click here for more information from the corresponding EWA operating unit's website.

Eurocard, MasterCard, Visa (EMV)

EWA-Canada has pioneered a comprehensive EMV Testing methodology and developed the required tools and technologies. EWA-Canada is a global center of excellence for the testing of Payment Systems. EWA-Canada also provides much needed local support to the Canadian Banking Industry as they convert their payment offerings from magnetic stripe technologies to the more secure Chip-based solutions.

Click here for more information from the corresponding EWA operating unit's website.

FIPS 140-2 Services

Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements which must be met in order for products to be validated under the Cryptographic Module Validation Program (CMVP).

The EWA-Canada IT Security Evaluation & Test Facility (ITSET) provides a full complement of capabilities that support all facets of the FIPS 140-2 process. An accredited testing facility, EWA-Canada's IT Security Evaluation and Testing Facility can play a key role in ensuring your endeavors are successful, on time, and on budget.

Click here for more information from the corresponding EWA operating unit's website.

FIPS 201 - Personal Identity Verification (PIV)

In response to Homeland Security Presidential Directive (HSPD) 12, the US National Institute of Standards and Technology’s (NIST) Computer Security Division initiated a new program for improving the identification and authentication of Federal employees and contractors for access to Federal facilities and information systems.

The EWA-Canada IT Security Evaluation & Testing Facility is accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) to perform testing of PIV card applications and PIV middle ware and offers a full range of evaluation and related consulting services:

PIV Testing,
Cryptographic Algorithm Validation,
FIPS 140-2 Validation and Re-Validation.

Click here for more information from the corresponding EWA operating unit's website.

Identity Management Support

Identity Management is a complex issue that can be viewed from several perspectives:

credentials that establish your identity,
the baseline documents and issuing authorities,
the relying parties and transaction intermediaries,
the security and privacy architectures that underpin the system processes,
the physical and logical access controls necessary to use the business applications and
the technologies that facilitate use of the credentials (smart cards, tokens etc.)

The challenges that face an organization planning to implement an identity management application are numerous. These challenges have been brought into focus by the ever increasing number of incidents of identity theft. EWA applies a systems engineering approach to understanding clients' needs for identifying management support. This approach is founded in a clear understanding of the:

threat environment,
the security and privacy architecture being used,
the technologies being used to support the credentials, and
the hardware and software being used to connect the individual to the underlying business applications.

Click here for more information from the corresponding EWA operating unit's website.

IDS/IPS Installation & Monitoring

EWA provides 24/7 remote monitoring of IDS/IPS sensors installed on client networks and offers immediate or delayed alarm notification and tailored escalation procedures. This service can be provided with commercial IDS/IPS sensors or state-of-the-art public domain sensor suites especially configured by EWA. By searching all recorded and new alerts and advisories, EWA can generate tailored reports that include only data that are applicable to the client’s infrastructure.

EWA's comprehensive analysis of firewall and IDS/IPS sensor data allows us to identify potential malicious activity. Thousands of alerts and advisories concerning information threats and vulnerabilities are published annually by hardware and software vendors, Computer Emergency Response Teams (CERTs) and a variety of protection organizations worldwide. To make effective use of this information, EWA performs extensive compilation and filtering based on the operational configuration of our customer’s systems of concern. This analysis is performed by highly skilled analysts using commercial, public domain and proprietary tools. The results of the analysis are provided to customers for follow-up action by them.

Click here for more information from the corresponding EWA operating unit's website.

Information Operations Red Team Training and Support

"We are the Bad Guys." EWA's Information Operations Red Teams provide an opposition force with real-world communications technologies for SIGINT training to support all Military Services. Committed to quality and fully responsive to customers' changing needs, the Red Teams provide continuing support anytime, anywhere with a diverse skill set and expertise second to none.

Click here to view the Information Operations Red Team Training and Support Fact Sheet.
Click here for more information from the corresponding EWA operating unit's website.

Interac® Device Certification Testing

EWA-Canada has been accredited by Interac® as a Device Certification Agent (DCA) under the "Interac Association Device Certification Program". To facilitate the certification of devices, the Interac Association has developed the Third Party Device Certification Program to identify DCA's which are accredited to perform independent validation testing of ABM and IDP point-of-sale terminals, including Secure PIN Entry Devices - IDP SPED, against the Interac® Security Standards.

Click here for more information from the corresponding EWA operating unit's website.

Information Technology Systems (ITS) Design and Engineering

EWA develops security solutions that are based on the vast expertise of our personnel, a strong systems engineering approach and vendor-neutral selection and implementation of technologies. EWA's ITS design and implementation capabilities tailored for government and commercial clients include the following:

requirements and analysis studies;
options analyses;
security architecture design;
project management support to ITS related projects;
independent verification and validation support to ITS-related projects;
prototype design and development;
impact analysis for new software implementations and major configuration changes;
ITS system and application specialist implementation support; and
training.

Click here for more information from the corresponding EWA operating unit's website.

Operational Concept Definition

EWA has extensive experience in analyzing complex problems and defining customer requirements in order to solve these problems.  EWA has prepared and delivered detailed operational capability and concept of operations documents for various federal, provincial/state and private sector programs and initiatives.  Based on customer approved capabilities and concepts, EWA has then modeled, designed, built and operated critically required capabilities.  These include operational support centers, threat analysis centers and information infrastructure protection centers.

Click here for more information from the corresponding EWA operating unit's website.

PCI/PTS Device Testing

EWA-Canada's Payment Assurance Lab provides a complete offering of Certification Testing and Pre-Certification Assessment Services targeted for a global market. EWA-Canada is independently accredited to provide these services for PIN Entry Devices (PED), Encrypting PIN Pads (EPP), Unattended Payment Terminals (UPT), Smart Cards and network devices used in transaction networks by a broad range of payment schemes and associations

Payment Card Industry (PCI) PED Program;
MasterCard’s POS Terminal Security (PTS) Program aimed at devices with TCP/IP protocols and security services;
ISO 15408 Common Criteria (CC) Evaluations of devices aiming to meet Protection Profiles defined by organizations such as APACS (the UK payment association) and the BITS Financial Services Roundtable (US financial services sector) Test Mark program; and
Interac® Device Certification Agent for devices targeted at the Canadian Market.

Click here for more information from the corresponding EWA operating unit's website.

Penetration Testing

The ultimate verification of a potential vulnerability is to actually exploit it to compromise the system under test, and EWA is a recognized leader in conducting successful penetration tests. Our experience covers the full range of penetration testing from sophisticated penetration testing of core security technologies using custom-developed exploits to successful no-knowledge penetration tests of networks to “capture the flag” using a variety of technical and social engineering techniques. We also conduct penetration testing against specific technologies and network nodes, including the development of custom exploits, given full knowledge of system design, configuration and functions.

We follow a systematic methodology to conduct penetration testing, and we work with our clients to ensure the proposed test approach and risks are understood prior to any testing being conducted, and that an exit criteria is negotiated and agreed upon (e.g. ability to read a specific file, ability to create or modify a database record, etc.).

To request more information, click here.

PKI Certificate Authority

EWA-Canada is strategically positioned to offer effective policy, procedural, analytical and technical support to our clients looking for Public Key Infrastructure(PKI) and Certificate Authority(CA) Services. EWA-Canada fully understands the various interoperability and governance problems surrounding the Certificate Authorities, directories and certificates. EWA-Canada has extensive experience in providing guidance, design, assessment and testing of PKI components for governments and private sector.

EWA-Canada offers several PKI trust models services (e.g. authentication, non-repudiation, authorization, access-control-list, privacy) applications based on various industry standards (EMV, X.509, SET, SPKI, etc).

Click here for more information from the corresponding EWA operating unit's website.

Policy Monitoring Enforcement

EWA helps customers determine corporate IT security policies that can be translated into specific technical policies to be implemented in corporate firewalls. As new applications and business processes evolve, EWA continues to ensure that the technical policies implemented in firewalls reflect the evolving corporate ITS policies. These implemented policies are validated on a regular basis.

Click here for more information from the corresponding EWA operating unit's website.

Program Management & Planning

EWA provides comprehensive planning and program management services to government, military, and commercial clients.  Whether managing a multi-disciplinary program or single project, EWA professionals combine management skills, subject matter expertise and technical resources to accomplish client goals.  Our services encompass all phases of a given project to include strategic planning and budgeting, design and development, training, on-site management and staff support, implementation and execution, documentation, and evaluation.

Click here for more information from the corresponding EWA operating unit's website.

Radar Design and Development

EWA has designed, developed and delivered a variety of Radar Systems to include large phased array systems. Some radars were designed to emulate foreign air-defense radars for the purpose of testing U.S. Electronic Warfare devices, training and countermeasure development. Others delivered networked Continuous Wave (CW) radars to fill the gaps in an existing surveillance system.

Click here for more information from the corresponding EWA operating unit's website.

Radars and Radar Systems

EWA specializes in radar and radar related software and hardware systems design, upgrade, development and integration, along with a wide range of waveform generation, receiver, and digital signal processing (DSP) product and applications. The DoD uses EWA systems for a variety of deployed, test and evaluation, and training purposes. EWA has delivered systems in most radar bands. THey have provided conventional phased array and networked through millimeter wave radars.

Click here for more information from the corresponding EWA operating unit's website.

Range Instrumentation

EWA provides support to the Naval Air Warfare Center-Weapons Division, Land Range at China Lake CA. Services include project management, system engineering, system integration, and system testing for instrumentation and measurement systems. Current projects include: remotely operating tracking radars; spherical near field measurement system, and CW doppler radars.

Click here for more information from the corresponding EWA operating unit's website.

SCAP Testing

The Security Content Automation Protocol (SCAP) is a method for using a standards-based approach to automate vulnerability management, measurement and policy compliance evaluation. SCAP comprises the following set of open standards that address identification of software vulnerabilities, platforms and security relevant configuration issues; methods for determining the presence of vulnerabilities or other issues; and methods for assigning a score to discovered security issues in order to rank their severity and impact.

As a fully accredited SCAP Test Lab, EWA can offer efficient and cost-effective help to our clients in obtaining certification of their products to any of the SCAP standards or SCAP capabilities.

Click here for more information from the corresponding EWA operating unit's website.

Semantic Technologies

Semantic technologies will profoundly change the way machines access and share information on the Internet and in large or local data repositories. EWA designs and builds state of the art semantic-based knowledge discovery applications and related services, such as ontology development and refinement. Our clients already include government and commercial clients anxious to make a breakthrough in productivity and understanding. Semantic technologies offer a new paradigm and set of powerful capabilities — an approach that deals with the challenges of machine-based sharing of meaning from within collections of unstructured information and building systems that know what they’re doing.

Click here for more information from the corresponding EWA operating unit's website.

Software Design and Development

Engineers develop software in a process controlled environment for multiple platforms and operating systems using various languages in compliance with recognized government and commercial standards.  Our software engineers are experience in a broad array of software technologies and languages.  We provide software solutions for both classified and unclassified projects.

Click here for more information from the corresponding EWA operating unit's website.

Special Operations

EWA is at the forefront of developing new technologies in the area of Special Operations.  We have a unique group of qualified individuals with various Special Operations backgrounds in the Army, Navy, Air Force, and Marines.  These individuals work along with our special operations customers understanding and addressing requirements to meet the challenges of today’s world of fast-paced Special Operations. We provide special purpose equipment systems and software to meet specific Special Operations needs.

Click here for more information from the corresponding EWA operating unit's website.

Telephony Security

EWA offers the capability to furnish, install, integrate, test and manage a voice security, management, and auditing platform. EWA hosts the industry's only Voice Firewall solution, and delivers an integrated set of powerful applications to secure, optimize and efficiently manage enterprise voice systems and services.

EWA provides a total Voice Management and Security System that provides unique and powerful capabilities to track and report usage, monitor network health and status, and eliminate vulnerabilities and abuse in the telecommunications network.

Click here for more information from the corresponding EWA operating unit's website.

Test and Evaluation

EWA supports customer requirements for Test and Evaluation through test instrumentation, test data analysis, and other capabilities.  EWA has focused on using various forms of instrumentation in the test data collection process to accurately collect large volumes of data and reduce the number of personnel required to support the testing process.  At the conclusion of a test, EWA reviews the data collected to ensure it was collected according to the data collection plan, and conducts a detailed analysis of the data according to the test evaluation plan.  In support of clients' contract management activities, EWA also performs independent verification and validation (IV&V) of hardware and software.

Click here for more information from the corresponding EWA operating unit's website.

Threat Risk Assessment

The key criteria that ensures the success of Threat Risk Assessment are an understanding of client operations and architecture, the implementation of a comprehensive and traceable process for information asset risk analysis, a detailed understanding of potential threats and architecture vulnerabilities, and a comprehensive understanding of incident reporting and assessment infrastructure and guidelines. 

EWA's approach includes identifying information assets (both paper and electronic) and assessing their sensitivity in accordance with "injury tests" conducted with respect to four criteria: confidentiality; integrity; availability; and replacement cost.

As a proprietary, value-added consideration, EWA maintains and employs an extensive library of commercial exploitation and VA tools, many of which are in use in the sophisticate part of the hacking community.

Click here for more information from the corresponding EWA operating unit's website.

Training Systems Technologies

EWA provides expertise in modern training systems technology essential for comprehensive training needs assessment, affordable systems developments, and effective training implementation. EWA is proficient in many different areas to include: PC Software Solutions, Real Time Simulations, Computer and Web Based Trainers, 3D Modeling and Design. Our focus spans from conception to implementation of software applications for PC based platforms using Windows XP Professional via .Net Technology, SQL Server and web applications.

Click here for more information from the corresponding EWA operating unit's website.

Ultra Violet and Infrared Development and Detection

EWA specializes in the development of ultra violet (UV) sources used in the test and training communities for missile plume simulations. We also specialize in developing infrared (IR) simulated target signatures. Our plume simulations use the most advanced technology and are currently being used by the Army's Common Missile Warning System Program, and the JFCOM OPFOR program. Our IR signature capability augments simulated ground targets with validated signatures for both Joint exercises and the operational test community. EWA also develops UV radiometers and imagers used in various roles, including missile plume signature detection and hostile fire location.

To request more information, click here.

Voice Over IP (VOIP) Security

EWA has been conducting Vulnerability Assessment (VA) activities at client sites for many years. Increasingly these environments are opting to include converged data and telephony equipment. As the desire for security is made known, vendors are increasingly looking at securing their VoIP implementations. EWA’s position as a high-quality provider of assessment services and EWA's VoIP Security Assessment methodology provides a consistent manner in which to identify vulnerabilities in VoIP implementations and provides a cost effective alternative.

Click here for more information from the corresponding EWA operating unit's website.

Wireless Applications

EWA operates a Wireless Center of Excellence (CoE) that provides systems engineering and integration within the IEEE 802.xxx wireless protocols.  Since the Wireless CoE inception, EWA has developed and supported multiple wireless based systems for government customers. These systems range from high data rate networks using industry wireless standards to miniaturized RFID devices employing proprietary wireless solutions for long battery life. 

Click here for more information from the corresponding EWA operating unit's website.

 


© Copyright 2014 Electronic Warfare Associates, Inc. All Rights Reserved. Terms of Use