Title: Dual-phase side-channel evaluations: leakage detection and exploitation

Side-channel analysis may be used by an adversary to recover secret information from some
form of environmental data emitted by a cryptographic device or application. In this thesis, we
discuss some of the challenges faced by evaluation bodies attempting to certify the resistance
of devices and applications to side-channel attacks, with relevance to the development of the
Common Criteria version 3.1 and FIPS 140-3 standardisation documents.

We separate this question into two components: identifying the presence of information
leakage in a detection phase, and determining the exact level of the resistance of a device
in an exploitation phase. We explore these two components when applied to information
leakage in cryptographic hardware and networked web applications. For the detection phase,
we demonstrate how various hypothesis tests can be used to reliably detect the presence of
information leakage, either as part of a "pass or fail" style approach or to identify instances
of leakage warranting further investigation. For the exploitation phase, we present a novel
method for combining the results of multiple differential power analysis attacks, finding that
in some cases we can dramatically increase the success rate of an adversary using the same
data set.

We also focus on the implications of the growth in high-performance computing technologies
on the evaluation processes, demonstrating that dramatic decreases in the running time of
common algorithms can be achieved using modern general-purpose graphics processing unit
devices and a pipelined architecture. This suggests that the efficiency of the implementation
of an attack should be of concern to side-channel evaluators and researchers.