Red Team


> Penetration Testing

Cipher gives you peace of mind knowing that your company is secure by putting your people, processes, and technology to the test.

Penetration testing (also referred to as pen testing) is the practice of examining a computer system, network or application to find vulnerabilities that an attacker could exploit. The assets within a company’s network should be tested on a regular basis utilizing real-world scenarios that emulate the actions of an external and internal attacker.
The number of entry points into corporate networks is often increasing due to company growth and new technology being incorporated. Many organizations are required to perform pen testing at least annually as part of being compliant with industry’s mandates.
Cipher has helped companies and organizations around the world stay secure since 2000. Our team of ethical hackers are experienced and trained in the latest tools and advanced techniques utilized by attackers. We use the best and most well-known frameworks and methodologies in the market, such as NIST SP 800-115, Technical Guide to Information Security Testing and Assessments, and Open Web Application Security Project (OWASP) .
Cipher effectively emulates sophisticated attack scenarios that impact organizations. The results of every penetration test completed by Cipher are included in a detailed, actionable report on the systems and network identified, exploitation results, tactical and strategic recommendations.

Cipher Penetration Testing is:

Tailored to Your Needs

Cipher provides white box, grey box and black box penetration tests.

Different scenarios call for different types of penetration tests. In black box penetration tests, the tester has no information about the system. In grey box tests, they have some information. In white box tests, they have passwords and other items to gain access. In some cases, areas will be off-limits for the tests as well. Cipher’s experts will consult with your organization to determine what scope if appropriate to meet your goals.

Real World Scenarios

Cipher’s ethical hackers think like the adversary.

Our team of experts perform the simulated attacks by going through each phase of the cyber kill chain. The exercise will see how the Blue Team defenders respond. The ethical hackers start by conducting reconnaissance and proceed through infiltration to exploitation. Cipher ethical hackers use the same tools as actual malicious hackers. The toolbox includes well-known kits like Kali Linux, Metasploit and other custom tools selected for the job at hand. Social engineering can also bring into play to see how your team members respond.

Important for Compliance

Cipher’s penetration testing service allows you to meet compliance guidelines.

The importance of penetration testing is recognized by organizations that validate cybersecurity. For example, Payment Card Industry (PCI) compliance involves a quarterly penetration test. When we conduct the test, we pay close attention to the guidelines and criteria involved. Maintaining compliance with regulations and adhering to the law is important to maintain brand reputation and conduct business without interruption.

Penetration Test for Mobile Apps

Cipher can test your mobile applications to test security.

As networks expand and new software is developed, the number of entry points increases. Mobile application use has skyrocketed in the last decade. Ensuring your company’s mobile apps on operating systems like iOS and Android is critical. There can be a false sense of security that apps are more secure than websites or other areas. We can test using different devices and scenarios to make sure data is not leaked and the system is secure.

Action Plan to Improve

Cipher prepares a comprehensive report that can be used for compliance and to improve.

The report that we compile following the penetration test includes:
  • Scope analysis
  • Tests performed
  • Vulnerabilities found
  • Vulnerabilities exploited
  • Strengths encountered
  • Recommendation to fixes to issues discovered
In addition to a report, the Cipher experts will be available to answer any questions on the results and findings.

Penetration Testing Podcast Episode

Listen to one of our senior penetration testers give some expert tips on our Podcast.

We cover the difference between a vulnerability assessment and penetration test. The Cyber Kill Chain components, including phishing and web server exploits are discussed. The guys also go over noteworthy attack techniques and tactics. Finally, we touch on application security testing works.