KoreLogic offers red and blue team testing, custom solution development, and high performance password auditing. KoreLogic provides highly skilled cyber security services to Fortune 100 companies and the U.S. Government.

Offense: Our Approach to Security Testing

Clients ask us to provide penetration testing as a security best practice, to meeting regulatory compliance, or to meet Board and customer expectations. While we tailor each test to our client's needs, the common denominators include:

  • Understand the business drivers for the test and how the results will be used.
  • Determine why the target system is important and if specific threat actors are of concern.
  • Develop test hypotheses, test to confirm the hypotheses, and pursue those that seem most plausible and that appear to pose the greatest risk to the target system.
  • Mimic methods used by sophisticated attackers. This requires creative, manual testing; not simply running automated tools.
  • Identify vulnerabilities and their root cause (to reduce the likelihood that the vulnerability will re-emerge).
  • Communicate the test results to technical and management audiences with equal emphasis given to positive findings.

KoreLogic's Penetration Testing Services

Test Type What We Test
Mobile Mobile applications, devices, network elements and end-to-end services for mobile carriers, third party mobile service providers, and mobile applications developed by our clients.
Cloud Cloud-hosted mission-critical applications, SaaS providers and public or private cloud infrastructure.
Web Applications Web applications or other software to find defects such disclosure of sensitive information and vertical or horizontal privilege escalation.
Internal Network devices, servers, endpoints to gauge their resistance to attack by a malicious insider or compromised internal systems, effectiveness of isolation, etc.
External Public-facing systems to verify they are properly hardened for Internet-exposure.
Social Engineering Targeted email phishing campaigns to attempt to harvest credentials from users, phone calls to the helpdesk impersonating employees with access problems, etc.
Vendor Risk Management Testing of our clients' service providers who handle their confidential data or who have access to client IT resources.
Product Security Pre-release security testing of new products to help ensure they have been properly hardened for their intended uses.
Red Teaming Custom test scenarios that gauge the resistance to attacks against a client's most business-critical digital assets.
SCADA & ICS Tabletop security architecture review followed by targeted assessments such as of operator workstations, test or production SCADA/Industrial Control Systems, and analysis of network connectivity and traffic between SCADA and IT environments including network isolation, proper use of encryption, and credential management.
IoT Testing We test the security of IoT devices/sensors, IoT communications, IoT platforms, IoT applications/APIs/portals, and backend infrastructure including IoT-supported clouds.
Customized Hardware, Firmware and Embedded Software Testing Assessing the security of any hardware, firmware or embedded software system involves a determination if it has been securely designed; that its security functions perform effectively; and it is resistant to physical and logical attack.
This typically requires threat modeling, abuse case development and testing at the application, operating system, and network layers.
KoreLogic uses a combination of testing techniques such as: hardware and software reverse engineering, network or application capture/analysis/manipulation, protocol analysis, cryptanalysis, source code examination, custom software (e.g., device driver fuzzing) written to exploit suspected vulnerabilities, etc.

To see project examples of these security tests, see Impact Stories.