Penetration Testing service provides cyber-attack simulations using real-world tactics, techniques and procedures (TTP).
Penetration Testing employs blended threat scenarios to test the effectiveness of your IT security defenses, policies and staff.
We deliver an integrated approach to assess your information security defenses by combining multiple testing strategies into a comprehensive offensive engagement, with the sole objective of gaining access to critical assets.
With Krypton Security, you can:
Red Team consists of conducting precision attacks against an organization in order to test the effectiveness and responsiveness of different parts of a security program.
Traditional penetration testing often excludes some of the avenues of attack and tactics that real attackers or threat communities are currently using in the wild.
Unlike traditional testing, an Adversarial Attack Simulation takes an integrated approach to assess your information security defenses by combining multiple testing strategies into a comprehensive offensive engagement, with the sole objective of gaining access to customer assets.
Krypton’s Adversarial Attack Simulation is comprised of the following engagement phases and components, customized to meet your security objectives:
For Application Security Testing, Krypton can analyze any type of web application regardless of the language it is written in. A software code audit, when implemented early in the SDLC (Software Development Life Cycle), will result in a smaller overall attack surface and lower the risk of potential data loss.
We use the OWASP Testing Guide as our assessment methodology, while for other assessment types Krypton has created and developed solid methodologies for testing any type of application. Krypton web application testing relies on the use of real-world tactics, techniques, and procedures.
Testing ensures complete coverage of the OWASP Top 10 web application risk categories:
Black Box Testing
Automated web application scanning with validated results to reduce false positives.
White Box Testing
Manual and automated source code analysis of the application code base to determine the source of issues that could result in exploitation.
Grey Box Testing
Manually utilizing credentials to gain access to the inner workings of the application.
Hybrid (White/Grey) Testing
White Box Testing results are fed into a Grey Box Test to reduce time and provide an actionable, prioritized list of issues.
Web Services & API Testing
Accessing the API services is based on building attack scenarios around the endpoints provided. This includes both credentialed and un-credentialed testing.
iOS and Android, and the services they connect to
Krypton will execute social-engineering attacks on an organization's target employees. Social engineering provides a baseline for the effectiveness of the education and awareness program and how well an organization can withstand a targeted social-engineering attack.
Social-engineering attacks have been increasing in frequency, due to the ease of attack and the ability to circumvent a number of security controls to gain access to sensitive information. Attackers are finding it significantly easier to circumvent stringent perimeter defenses by targeting the organization's user population. Krypton performs varying levels of social-engineering attacks based on the maturity level of the organization, increasing in sophistication as the information security program is enhanced.
With Krypton Security, you can:
This comprehensive process, when custom-tailored to the organization's specific requirements, will allow us to discover as many potential attack vectors as possible. The end result is true, actionable intelligence, so that the necessary steps may be taken to eliminate the identified weaknesses using both technical and procedural safeguards before they can be used against the business and compromise operational integrity.
During this process, Krypton will work hand-in-hand with the client’s security and technical teams to complete the assessment. The output always includes a pragmatic report that details implementable solutions in a manner that is both useful to the organization’s technical department and clearly understandable to the management team.
Vulnerability Assessments identify and rank the exposures present within our clients’ systems and network.
Industry-leading automated scanners, configured with optimized settings, are utilized to analyze the target environment. This process discovers misconfigurations, unsupported software, missing patches, unintentionally open services, and publicly disclosed exploits, to name a few. The information can then be used to formulate a plan to eliminate the threats or reduce them to an acceptable level of risk.
Krypton performs this assessment from a secure public server. We offer Vulnerability Assessments as a standalone service, but also include scanning at the end of our Penetration Tests. The vulnerability scanning phase is used as validation to ensure only the most common exposures were identified, and to confirm that each of the findings identified through vulnerability scanning is validated.
The Krypton Security consultants perform validation of the discovered vulnerabilities, excluding denial-of-service (DoS), and remove all false positives.
Our report outlines various findings and includes the pertinent validation screenshot or data.
During physical security assessments, Krypton bridges the physical security components with the technological component to bring a blended approach to attacking physical locations.
Depending on the organization, Krypton can perform full attacks on physical locations which include piggybacking, lock picking, impersonation, badge cloning, and multiple other techniques to gain access to a facility. Krypton can also perform a physical security assessment that is overt in nature and does not rely on physically attacking the location itself.
With Krypton Security, you can: