Research, develop, consult and educate





Professional Services

Recx offers a range of both bespoke and structured services, some of which are detailed below. We work closely with our customers to understand their needs and project requirements before creating a custom package of work. These can be half day briefings through to multi-month research engagements. Let us help you get the most out of your people and technology.

Research

Product Evaluations

Selecting security products is a minefield. Every company claims that theirs is the best product and the perfect fit for your security and business needs. However our experience has shown that independent evaluation during the buying cycle can cut through marketing claims and ensure new security solutions don't contribute to your security problems by introducing unknown risks.

Recx have extensive experience of reviewing security products as part of a due-diligence process. Verifying claims, mapping attack surfaces and intensively inspecting and instrumenting software products. We work within your evaluation window, providing you with detailed analysis. Our service is designed to provide you with the information with which to make the most informed choice about how best to protect your business assets.

Product Vulnerability Research

Software and hardware often present an unknown risk within a organisation. Often products are mandated or can't be removed and as such understanding the potential exposure they present is key to structuring a defensive controls. Recx have strong experience inspecting products, reverse engineering, looking for vulnerabilities and where they're found looking to determine their potential.

If you have products in your organisation which present an unknown risk, we can perform detailed analysis and act as liaison with the vendor to establish an accurate risk picture and an effective defensive stance.

Security Research & Development

Recx are part of several formal UK Government research programmes in addition to maintaining long-standing working relationships with commercial companies. We work with these organisations creating innovative security solutions as well as working alongside our partners to help solve complex problems.


"We have always found Recx consultants to be very professional, highly knowledgeable and technical experts." - HMG Client


Consulting

Application Security Assessment

Recx has considerable experience in performing application security assessments, at all stages of the development life cycle and using all major technologies and languages from C applications in embedded real time systems through to enterprise Java running in the cloud.

We've moved away from doing traditional black-box security assessments, believing them to be inefficient, ineffective and not representative of actual attacker capability. In order for Recx to offer the most value to our clients, while ensuring efficient and accurate results delivery, we've found working closely with both the application source code and the developers gives the greatest customer return. We can work within both waterfall and agile development models and if desired submit any security issues directly into a bug tracking system.

Oracle APEX Security Consultancy

Recx are world leaders in the subject of Oracle Application Express applications and the security exposures typically found with their deployments. As well as our leading ApexSec product which Recx developed, we also offer bespoke security consulting to allow our experts to work alongside your developers. With our knowledge and tooling, we can educate teams in secure development practises so that you can secure your applications and continue to keep them secure.


"We have always found Recx consultants to be very professional, highly knowledgeable and technical experts." - HMG Client


Education

Training

Recx offers customised training delivered at the customer's site to class sizes of between 5 to 10 people. Our training packages are designed with different skill sets and abilities in mind on a range of both technical and management security subjects. We offer both defined training as well as bespoke courses designed around your specific needs. Ideally we look to tailor our training around your software, experiences or environment; and have frequently used the outputs of other assessments to create custom follow-on materials.


"Thanks so much for the tool as well as the valuable info in the presentation, I'll happily be sharing both with my dev team." - Audience, Source Boston