Penetration Testing

CipherTechs goes far beyond vulnerability scans. CipherTechs Offensive Security Team breaks into applications and networks.

Regardless of the scope, CipherTechs always assigns a senior penetration tester to the project and devotes personal attention to your environment. Automated vulnerability scanning tools are used but that is just the beginning of the project - emphasis is always given to manual review and understanding context of the targeted environment. Depending on the scope agreed upon, CipherTechs can (and often does) compromise the target to demonstrate the severity of vulnerabilities discovered.

CipherTechs hires hackers, not auditors, to test your security through practical exploitation. The Offensive Security Team approach is to not treat each target simply as a set of technologies to attack, but to understand the business and attack and recommend solutions based on business context. Team members have discovered multiple public and private zero-day vulnerabilities affecting widely used products.

Professional-grade reporting and high quality customer service are hall marks of CipherTechs’ penetration testing services. You will not receive a 100 page report with Nessus or Rapid7 output. Any vulnerabilities will be given personal attention and compared against a litmus attack of “will this vulnerability contribute towards our customer being owned?”. Report delivery is not the conclusion of our engagements. Penetration testers are encouraged to maintain relationships with customers, walking through remediation detail as much as possible, and alerting customers when new vulnerabilities arise in technologies observed during the engagement. Executive summaries are tailored for each engagement and provide a high-level state-of-affairs including strengths and areas of improvement.

CipherTechs engagement success is not measured by showing off Domain Admin screenshots (although that does happen often!), but leaving our fingerprint on customers environments by making them much harder to compromise. Repeat customers become more challenging to compromise with every test and this is the truest measurement of value.

Despite delivering a high volume of penetration tests annually, CipherTechs remains a botique operation focusing on tailored personalized service for our customers.

Penetration Testing Services

  • Network Testing: External and Internal
  • Wireless Testing
  • Web Application Testing
  • Phishing, Spearphishing, and Social Engineering Testing
  • Cloud specific pentest scenarios
  • Wireless Testing
  • WAF, endpoint security, email gateway security assessments

When to have a penetration test

  • Technology and/or business owners want to know what a group of talented dedicated attackers can accomplish against their environment over a fixed period of time
  • Roll out of new networks, applications or technologies
  • New CISO or IT executive wants to quickly learn the environment and related parties using a third-party
  • Determine if changes (new infrastructure, significant configuration changes, etc) introduce vulnerabilities
  • Satisfy PCI, NYDFS, HIPA, Singapore ABS or other compliance requirements