Approach

Our Approach

RedTeam Security’s penetration testing and red teaming methodology uses a comprehensive, risk-based approach to manually identify critical network-centric vulnerabilities on all in-scope networks, systems, hosts, applications, staff and physical assets.

Our approach is as follows:
  1. Information Gathering
  2. Threat Modeling
  3. Vulnerability Analysis
  4. Exploitation
  5. Post-Exploitation
  6. Reporting

Network Penetration Testing

RedTeam’s comprehensive method for network penetration testing covers the classes of vulnerabilities in the Penetration Testing Execution Standard (PTES) and the Information Systems Security Assessment Framework (ISSAF), including but not limited to: CDP attacks, MIME testing, DNS enum/AXFR, SMTP relay, SNMP recon, port security, brute force, encryption testing and more.

Application Penetration Testing

RedTeam’s comprehensive method for application penetration testing covers the classes of vulnerabilities in the Open Web Application Security Project (OWASP) Top 10 2017, including but not limited to: Injection, Broken Authentication, Sensitive Data Exposure, XXE, Broken Access Control, Security Misconfigurations, XSS, Insecure Deserialization, using components with Known Vulnerabilities, and more.

Physical Penetration Testing

RedTeam’s comprehensive method for physical security penetration testing involves the OSSTMM and a proprietary approach developed through the years that includes but is not limited to: Passive Reconnaissance, Open Source Intelligence (OSINT), Active Reconnaissance (drones, onsite covert observation), Vulnerability Identification, Exploitation, Post-Exploitation and more.

Manual Testing vs Automated Testing

RedTeam’s approach consists of about 80% manual testing and about 20% automated testing – actual results may vary slightly. While automated testing improves efficiency, it does so only during the initial phases of a penetration test. At RedTeam Security, it is our belief that an effective and comprehensive penetration test can only be realized through rigorous manual testing techniques.

Tools

To perform a comprehensive real-world assessment, RedTeam Security uses commercial tools, internally developed tools and the same tools that hackers use on each and every assessment. Once again, our intent is to assess systems by simulating a real-world attack, and we leverage the many tools at our disposal to effectively carry out that task.

Reporting

We consider the reporting phase to mark the beginning of our relationship. RedTeam strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverable. We provide clients with an online remediation knowledge base, dedicated remediation staff and a ticketing system to close the ever-important gap in the remediation process following the reporting phase.

Remediation & Re-testing

Simply put, our objective is to help you take steps to correct your vulnerabilities, not just find them. As a result, remediation re-testing is always provided at no additional cost.


Our Penetration Testing, Social Engineering and Red Teaming services go beyond the checkbox to help prevent data breaches