security
information
Offensive Services
From Offensive Minds

WHAT WE DO

We are an information security company focusing on real world threats to you and your organization.

Red Siege is an information security consulting company that concentrates on the latest threats to organizations today. We perform in-depth analysis, determine organization/business risk, and find the vulnerabilities before the bad guys do. Our team includes internationally renowned experts who have been featured in international news outlets and conferences, including The Wall Street Journal, The Washington Post, a News Channel Asia Documentary.

FOCUSED ON YOU

What data if lost, stolen, or compromised would have the greatest impact on your organization? This is always our very first question. We focus on your unique needs instead of just “winning” the penetration test.

SERVICES

Assumed Breach Assessment

A small compromise can have big consequences. We start as a low privileged user and move through the network in an attempt to access the data the matters to you. This assessment simulates that of a compromised internal host/user or a rogue trusted insider. Assumed Breach more closely resembles the current threats than the traditional penetration test.

Red Team & Adversary Simulation

A goal-based assessment where we attack just like a real world adversary. This includes external attacks and targeted phishing to demonstrate the real risk to your data. We test your defenders (people) as well as the defenses (technology). Detection and response is a critical aspect of a well-rounded defense.

Penetration Testing

We enumerate your systems and services to identify vulnerabilities that put your organization at risk. Our goals are not technical wins, but goal focused around you, your data, and your processes. This is not a commodity penetration test, instead it is customized for your organization. We report on the issues that actually pose and actual risk to your organization.

Web Application Penetration Testing

An in-depth analysis of your web application and APIs to find security issues related to programming errors, misconfigurations, and application architectural issues. We will perform automated and manual runtime analysis of your application to identify more than just a scanner. Our testing includes custom test cases to fuzz your application and find the faults before the bad guys do.

Purple Team

This engagement is designed to test and train the Blue Team. We can work with or without an in-house Red Team. We’ll work with your defenders to document and measure in detection and response capabilities.

Mobile Application Assessment

We look at your mobile application and the associated infrastructure to find configuration weaknesses, server-side issues, insecure authentication and access control, and other issues related to the latest attacks on mobile applications.

What I like best about the report is the level of detail. I like that you provide the commands used to arise at a finding. It allows me to retest easily. I also like that in most cases, you illustrate how to resolve the finding. This means I can easily assign tickets with specific instructions on how to address a problem and then retest to ensure it was done properly. We have a small IT staff. We are jack of all trades and masters of none, so this level of detail and instruction is very beneficial for us.

Casey R.

Security Engineer, Undisclosed Financial Institution in NY

Red Siege did a great job focusing on real organizational risk. They took the time to understand our business, “what keeps us up at night”, and then tailored the assessment to focus on these areas.
Bill V.

CIO, Undisclosed Financial Institution

 Our Red Siege penetration testing engagement was a great success. The RedSiege team clearly brings their passion for security to their engagements and they delivered the most verbose and comprehensive report we have ever received from a vendor.
Carlo G.

CIO, Undisclosed Financial Institution

I read the report yesterday. This is one of the best-written, actionable pentest reports I’ve ever seen.
Doug H.

Technical Director, Undisclosed

CONTACT US

Follow Us
Search the site