Examines the application from a red-team or attacker’s point of view, simulating a real-world attack by an actor with authenticated access at some level. The tester actively assesses and attempts to exploit technical and business logic flaws, known software vulnerabilities, and design weaknesses in an application to provide a Proof of Concept that demonstrates strong business impact. The goal is to ensure that an application remains robust and secure.

An API Penetration Test assesses the security of an Application Programming Interface by identifying vulnerabilities such as authentication flaws, improper access controls, data leakage, and injection attacks. This type of test ensures that APIs are resilient against potential cyber threats and unauthorized access.

A Mobile Pentest tests the security of a mobile application, focusing on identifying
vulnerabilities that could be exploited by attackers. It evaluates the app's security controls, data handling, authentication mechanisms and potential points of exploitation, such as insecure storage, improper session management, or weak encryption practices.

By definition, external tests are conducted from a black-box or unauthenticated approach. Depending on the type of asset, the team will assess first if the asset is reachable, then perform reconnaissance to find out what type of services are available and what technologies are being used on those services. Then, a set of custom attacks are performed over all of the in-scope assets to meet the specific goals of the test, which could range from gaining access to a private network to checking if defense controls are well-implemented.

Internal pentests assess the security of the organization’s internal environment from the
standpoint of a regular low-privileged user. The main purpose is to check everything a regular user is allowed to do and leverage all of the information gathered to either move laterally through the network or to escalate privileges inside the provided host. This encompasses using information from the network where the user is located to access other networks, as well as checking Active Directory policies.

A Cloud environment manages a vast amount of functionalities and data, and because cloud testing is relatively newer, methods may differ from vendor to vendor. At Red Sentry, we focus on testing the core of your infrastructure, which includes Identity and Access Management setup, Databases, Applications deployed, Storage Objects, Logging capabilities, and Virtual Network settings.

A specialized security expert performs a deliberate and controlled assessment of physical devices that could be connected to a network. They aim to uncover vulnerabilities in hardware components such as medical devices, kiosks, mobile devices, IoT devices, and operational technology (OT). During the test, security experts simulate attacks, searching for exposed sensitive hardware components, software flaws, or misconfigurations that could allow unauthorized access or compromise the integrity of these devices. The goal is to identify weaknesses and enhance the security posture of connected hardware.

Focuses on identifying vulnerabilities in medical devices like pacemakers, infusion pumps, or MRI machines. The goal is to ensure patient safety, protect sensitive data, and prevent attacks that could compromise device functionality.

WiFi penetration testing assesses the security of an organization's wireless network. The goal is to discover vulnerabilities that could allow unauthorized access or exploitation, such as weak encryption, misconfigured access points, or insecure authentication mechanisms. It tests the infrastructure of the wireless environment including potential risks like rogue access points and man-in-the-middle attacks.

Physical pentests combine internal, wireless, and social engineering testing practices to asses the access control of a facility from the standpoint of a malicious actor physically present in a working environment. The main purpose of a physical pentest is to evaluate the efficiency with which the inhabitants of a facility or working environment either prevent a malicious or facetious actor from entering or identify and apprehend them once the have entered. The tester will attempt to use a combination of information gathered from on-site social engineering, access to poorly secured terminals or machines, and unsanctioned access to restricted areas to create proof of concept of a totally compromised working environment. Throughout the engagement they will continually test the capabilities of employees to identify apprehend a malicious actor.

Targets IoT devices and OT systems such as smart home gadgets, industrial control systems, or manufacturing equipment. The goal is to detect vulnerabilities that could allow unauthorized access or control, potentially disrupting operations.

Involves testing the security of critical infrastructure systems such as SCADA systems, PLCs, and other equipment used in industries like energy, water treatment, and transportation. The objective is to prevent disruptions to essential services and ensure operational integrity.

A source code audit involves a comprehensive review of a software application's source code to identify potential vulnerabilities, bugs, and areas for improvement. The goal is to enhance the security of the applications by identifying and eliminating vulnerabilities like SQL injections, Out-of-bounds Write, buffer overflows, XSS, etc; while also evaluating code quality for readability, maintainability, and adherence to coding standards. Additionally, a source code audit verifies that the code functions as intended and meets the software's requirements. Conducted either manually by experienced developers along with the aid of automated tools, regular audits are crucial for maintaining software security, quality, and efficiency.

Refers to penetration tests focused on bespoke or unique systems developed for specific organizational needs. The test evaluates the security of custom applications or infrastructures that may not fit within traditional testing frameworks.

Phishing examines the security protocol knowledge and security practices of employees.
Employees are contacted at various levels of obscurity and behind a variety of pretexts.
Attackers will attempt to pressure, coerce, or convince employees via text message, email, social media, or other means to reveal sensitive information or perform certain vulnerable functions such as downloading an unknown file and executing it, visiting an unknown website or even signing into a carefully crafted copy or variation of their own company website and therefore unintentionally revealing credentials. Testers (attackers) will leverage OSINT, publicly available information, aggressively to instill a sense of safety, security, urgency, or fear as appropriate to the lie being told to extract information or induce a security violation.

Vhishing examines the security protocol knowledge and security practices of employees at a one-by-one level. Employees are contacted directly at various levels of obscurity and behind a variety of pretexts. Attackers will attempt to pressure, coerce, or convince employees via phone interaction to reveal sensitive information or perform certain vulnerable functions such as downloading an unknown file and executing it, visiting an unknown website, or even signing into a carefully crafted copy or variation of their own company website and therefore unintentionally revealing credentials. Testers (attackers) will leverage OSINT, publicly available information, aggressively to instill a sense of safety, security, urgency, or fear as appropriate to the lie being told to extract information or induce a security violation.

A type of phishing attack that occurs via SMS messages, where attackers attempt to trick recipients into revealing sensitive information, such as login credentials, or downloading malicious software by mimicking trusted entities.

Simulates real-world cyberattacks to test an organization’s defenses, including human, physical, and technological aspects. Red Teams aim to test an organization's overall security posture by attempting to capture, compromise, or exfiltrate mission critical target assets selected in concert with the client inside the client's environment.

Involves inspecting the codebase of applications or systems for security vulnerabilities, such as injection flaws, insecure cryptographic practices, or improper error handling. This helps identify weaknesses early in the development process.

A Tabletop Assessment is considered a Purple Team assessment. It combines the Red and Blue team and can take place after the completion of a Red Team assessment or Physical Pentest. It can also occur as a stand-alone event that walks through a hypothetical attempt at penetrating the security of a physical environment. This assessment reviews the storyboard, PoCs, and test cases from an engagement step by step, allowing the team who performed the assessment to guide the security team of their client through the experience. It attempts to give the Blue Team a look into the mind of an attacker specifically targeting their own environment.

Custom Threat Modeling tests the potential vulnerabilities, attack vectors, and threats
specific to a particular application, system, or environment. It assesses how well the system can identify, prioritize, and mitigate risks by understanding the assets, entry points, trust levels, and security controls within the context of the organization.

A cybersecurity audit based on the NIST Cybersecurity Framework, which assesses an organization's cybersecurity practices against industry standards to identify gaps and improve overall risk management.

Assesses an organization's ability to respond to cyber incidents, including data breaches, ransomware, or insider threats. Consultants help prepare and improve response plans, ensuring that organizations can quickly contain and recover from security incidents.

A security audit focusing on the five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy, primarily for SaaS and cloud-based companies to ensure they manage data securely.

Tests compliance with the Health Insurance Portability and Accountability Act, ensuring that healthcare organizations protect patient data through secure systems and proper protocols for handling medical information.

Focuses on the Payment Card Industry Data Security Standard (PCI DSS), ensuring that businesses handling credit card transactions have robust systems to protect cardholder data.

Evaluates an organization's adherence to the National Institute of Standards and Technology (NIST) Cybersecurity Framework to manage and mitigate cybersecurity risks effectively.

A compliance framework that provides best practices for securing IT systems and data. Pentests help validate if organizations adhere to CIS controls, which cover areas like malware defenses, data recovery, and access control.

Ensures compliance with the Food and Drug Administration's standards for devices, systems, and practices in the healthcare sector, specifically regarding the safety and security of medical devices.

A European Union regulation that ensures the privacy and protection of personal data. Pentests help ensure compliance with GDPR, focusing on data protection and breach notification requirements.

An international standard for information security management systems (ISMS). Penetration testing ensures organizations have effective security controls in place to protect sensitive data and meet ISO 27001 requirements.

A framework for managing information risk based on multiple standards, including HIPAA, ISO 27001, and PCI DSS. Pentests help organizations assess and improve their security posture against HITRUST certification requirements.

A framework for ensuring cybersecurity practices in the Department of Defense supply chain. Compliance pentesting ensures contractors meet the required cybersecurity standards to be eligible for government contracts.

Penetration testing for other specific regulatory frameworks or industry standards, including but not limited to FISMA, GLBA, or state-specific privacy laws.