Network penetration testing gets you an in depth list of your networks vulnerabilities.
Penetration testing is one of the best ways to determine what vulnerabilities exist on your network.
Indeed. We encourage all of our penetration test customers to make sure the cyber security basics are done before we perform a test. This ensures you get the most value and we don't tell you things that you probably already knew.
While we don't follow any specific framework, we do leverage commonly accepted best practices. Depending on the focus of the assessment, we draw on the experience of our team members strengths. It's not common you'll find our testers running automated tools.
Do you develop applications? Do you use custom applications? We've spent years assessing web applications. We go beyond the OWASP Top Ten and heavily leverage manual testing to make sure your applications don't introduce undue risk to your business, or your customers.
Depending on your specific industry, application security assessments may be required for compliance. That being said, if you develop custom applications for internal use, or for customers, you are sure to benefit from an application security assessment.
Adversis heavily draws from industry standards such as OWASP. That being said, its pretty rare that output from tools such as Burp make up many of our findings. At Adversis, we spend a majority of the time using manual techniques looking at every. single. request. your web application makes. In fact, we go as far to limit junior testers from using automatic tools until their skills are at a point where they can intelligently use automated tools to assist them.
We don't mean to brag, but we're pretty good at application security. It's not uncommon for us to find creative vulnerabilities that have existed through multiple security reviews, until we got involved. Not only have we performed more assessment than we can count, but we've built applications and our analysts have multiple web related CVE's.
Typically reserved for the mature organization, this is a black box adversary emulation. Red team engagements are goal based. As some say, an inch wide, and a mile deep.
Attackers don't necessarily care about what SSL version you're running. What they do care about, is the shorted and stealthiest path to monetizing and exploiting your business. If you find yourself asking "Can an attacker hack in and get all of PII?", or "What would it take for an attacker to deploy ransomware?", then you might want a Red Team Engagement.
If you can't detect attacks, you most likely won't benefit from a Red Team Engagement. We steer customers in this position to a penetration test, where there isn't a focus on detection.
We've performed dozens of Red Team Engagements without impacting a business. That being said, it comes down to the goal, and how much you'd like to demonstrate impact. One practice we always follow is two person integrity, we always have two testers when sensitive system access is obtained.
Our founders have created some of the original AWS security tools. We've done dozens of cloud security assessments. Lets partner to make sure your cloud environment won't end up costing more than you can imagine if you get breached.
Our founders have released some of the original open source tooling around AWS security. We have extensive experience with AWS, Azure, GCP and others. If we've never worked with a particular "cloud provider", we'll be upfront. Luckily for us, the fundamentals stay the same so our cloud knowledge translates to every "cloud provider" you can come up with.
None of our customers are the same. We can tailor, snip, trim and add to all of our services. Some customers just want a high level road map for cloud resilience, some customers want a thorough penetration test focused solely on a specific AWS technology.
That depends on the scope. It can take from 2 weeks, up to several months depending on the size of the environment and the determined scope. Either way, it's not too often our scoping process misses something so deadlines are almost always met.
If physical security is one of your concerns, we can help. Typically a mixture of an unauthorized entry exercise, and a physical security audit, you will learn where your weaknesses lie, and how to fix them.
Yep. You sure can. Sometimes physical entry is an acceptable risk, and other times, it truly isn't. That's where we come in, it's one thing to think your security vendor has you covered, its another thing to know.
Definitely. We've performed physical security assessments for Fortune 500 companies, from corporate headquarters to offsite data centers. It comes down to the risk physical entry has for your business. Aren't sure? We don't sell services if we truly don't think you need it, so just ask!
It depends. When we do physical security assessments, we focus on what we get access to post-entry. In many cases, we attempt to gain access to the network once we get in.