From Offensive Minds
WHAT WE DO
We are an information security company focusing on real world threats to you and your organization.
Red Siege is an information security consulting company that concentrates on the latest threats to organizations today. We perform in-depth analysis, determine organization/business risk, and find the vulnerabilities before the bad guys do. Our team includes internationally renowned experts who have been featured in international news outlets and conferences, including The Wall Street Journal, The Washington Post, a News Channel Asia Documentary.
FOCUSED ON YOU
What data if lost, stolen, or compromised would have the greatest impact on your organization? This is always our very first question. We focus on your unique needs instead of just “winning” the penetration test.
Assumed Breach Assessment
A small compromise can have big consequences. We start as a low privileged user and move through the network in an attempt to access the data the matters to you. This assessment simulates that of a compromised internal host/user or a rogue trusted insider. Assumed Breach more closely resembles the current threats than the traditional penetration test.
Red Team & Adversary Simulation
A goal-based assessment where we attack just like a real world adversary. This includes external attacks and targeted phishing to demonstrate the real risk to your data. We test your defenders (people) as well as the defenses (technology). Detection and response is a critical aspect of a well-rounded defense.
We enumerate your systems and services to identify vulnerabilities that put your organization at risk. Our goals are not technical wins, but goal focused around you, your data, and your processes. This is not a commodity penetration test, instead it is customized for your organization. We report on the issues that actually pose an actual risk to your organization.
Web Application Penetration Testing
An in-depth analysis of your web application and APIs to find security issues related to programming errors, misconfigurations, and application architectural issues. We will perform automated and manual runtime analysis of your application to identify more than just a scanner. Our testing includes custom test cases to fuzz your application and find the faults before the bad guys do.
This engagement is designed to test and train the Blue Team. We can work with or without an in-house Red Team. We’ll work with your defenders to document and measure in detection and response capabilities.
Mobile Application Assessment
We look at your mobile application and the associated infrastructure to find configuration weaknesses, server-side issues, insecure authentication and access control, and other issues related to the latest attacks on mobile applications.
What I like best about the report is the level of detail. I like that you provide the commands used to arise at a finding. It allows me to retest easily. I also like that in most cases, you illustrate how to resolve the finding. This means I can easily assign tickets with specific instructions on how to address a problem and then retest to ensure it was done properly. We have a small IT staff. We are jack of all trades and masters of none, so this level of detail and instruction is very beneficial for us.