Our Approach Is As Follows
- Information Gathering
- Threat Modeling
- Vulnerability Analysis
Network Penetration Testing
RedTeam’s comprehensive method for network penetration testing covers the classes of vulnerabilities in the Penetration Testing Execution Standard (PTES) and the Information Systems Security Assessment Framework (ISSAF), including but not limited to: CDP attacks, MIME testing, DNS enum/AXFR, SMTP relay, SNMP recon, port security, brute force, encryption testing and more.
Application Penetration Testing
RedTeam’s comprehensive method for application penetration testing covers the classes of vulnerabilities in the Open Web Application Security Project (OWASP) Top 10 2017, including but not limited to: Injection, Broken Authentication, Sensitive Data Exposure, XXE, Broken Access Control, Security Misconfiguration, XSS, Insecure Deserialization, Using Components with Known Vulnerabilities, and more.
Physical Penetration Testing
RedTeam’s comprehensive method for physical security penetration testing involves the OSSTMM and a proprietary approach developed through the years that includes but is not limited to: Passive Reconnaissance, Open Source Intelligence (OSINT), Active Reconnaissance (drones, onsite covert observation), Vulnerability Identification, Exploitation, Post-Exploitation and more.
Manual Testing vs Automated Testing
RedTeam’s approach consists of about 80% manual testing and about 20% automated testing – actual results may vary slightly. While automated testing enables efficiency, that benefit is limited to the initial phases of a penetration test. At RedTeam Security, it is our belief that an effective and comprehensive penetration test can only be realized through rigorous manual testing techniques.
In order to perform a comprehensive real-world assessment, on each and every assessment RedTeam Security utilizes commercial tools, internally developed tools, and the same tools that hackers use. Once again, our intent is to assess systems by simulating a real-world attack, and we leverage the many tools at our disposal to effectively carry out that task.
We consider the reporting phase to mark the beginning of our relationship. RedTeam strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverables. We provide clients with an online remediation knowledge base, dedicated remediation staff, and ticketing system to close the ever-important gap in the remediation process following the reporting phase.
Remediation & Re-testing
Simply put, our objective is to help you take steps to correct your vulnerabilities, not just find them. As a result, remediation re-testing is always provided at no additional cost.
Learn more about RedTeam Security's advanced Application, Network and Physical Penetration Testing, Social Engineering and Red Teaming services.