RED™ Team Penetration Testing
Penetration Testing Timeframe
The typical infrastructure and web application test takes three weeks from start to finish, though larger testing scopes can increase the duration of the testing period. Automotive, embedded and IoT tests can take significantly longer due to the time required for reverse engineering and other laborious tasks.
- Kickoff: 1-hour call on first day of testing
- Testing Period: 2 weeks
- Report Creation: 1 week
- Final Readout: 1-hour call on final day
Penetration Testing Deliverables
Upon completion of the testing, we provide an overall report that has been internally peer reviewed. The report includes the following:
- Executive Summary
- Scope
- Limitations
- Overall Posture Assessment
- OWASP Web Application Security Posture Assessment
- Summary of Vulnerabilities
- Vulnerability Details for Each Issue
- Status (Reported, Resolved)
- Location (https://www.example.com/admin/application/logs/get_logs.py)
- Risk Level (Informational, Low, Medium, High, Critical)
- Impact (What an attacker could do with this vulnerability)
- Details (How the vulnerability works)
- Recommendation (How to fix the issue)
- Affected Hosts (List of all vulnerable hosts)
- Additional Information (Resources for additional reading)
RED Team Key Differentiators
We do a few things differently:
- Our fee includes one free re-test of each vulnerability within 30 days of the final readout
- Once we’ve finished retesting, we’ll update the report to reflect resolution of open items
- We’ll provide you with a customer-facing version of the report that excludes the detailed vulnerability information.