RED™ Team Penetration Testing

Find Your Weak Links
Penetration testing helps you understand the strengths and weaknesses of your security program by testing it with the same techniques that advanced attackers use.
Our RED Team is comprised of world-class ethical hackers that hold key certifications such as Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) and GIAC Penetration Tester (GPEN). We use industry standard frameworks such as NIST SP 800-115 to ensure uniformity of testing. Our RED™ Team can also perform full red team and blue team exercises.

Penetration Testing Timeframe

The typical infrastructure and web application test takes three weeks from start to finish, though larger testing scopes can increase the duration of the testing period. Automotive, embedded and IoT tests can take significantly longer due to the time required for reverse engineering and other laborious tasks.
  • Kickoff: 1-hour call on first day of testing
  • Testing Period: 2 weeks
  • Report Creation: 1 week
  • Final Readout: 1-hour call on final day

Penetration Testing Deliverables

Upon completion of the testing, we provide an overall report that has been internally peer reviewed. The report includes the following:
  • Executive Summary
    • Scope
    • Limitations
    • Overall Posture Assessment
    • OWASP Web Application Security Posture Assessment
    • Summary of Vulnerabilities
  • Vulnerability Details for Each Issue
    • Status (Reported, Resolved)
    • Location (
    • Risk Level (Informational, Low, Medium, High, Critical)
    • Impact (What an attacker could do with this vulnerability)
    • Details (How the vulnerability works)
    • Recommendation (How to fix the issue)
    • Affected Hosts (List of all vulnerable hosts)
    • Additional Information (Resources for additional reading)

RED Team Key Differentiators

We do a few things differently:
  • Our fee includes one free re-test of each vulnerability within 30 days of the final readout
  • Once we’ve finished retesting, we’ll update the report to reflect resolution of open items
  • We’ll provide you with a customer-facing version of the report that excludes the detailed vulnerability information.

Let's tailor the right solution for your business