Home Carousel

put your security to the real test
red canari
we leave no stone unturned
we build the tools that power the industry

Discover who we are

About Us

Taking Security Assessments to a Whole New Level.

Red Canari isn’t your everyday, run-of-the-mill security firm. We’ve been successfully doing penetration tests and application assessments for over 15 years, with a focus on delivering high quality results to our clients. Our security assessments are more than just plugging in a scanner, running the latest tools, or checking a green box. Our research-driven team of highly hands-on information security specialists are capable of identifying some of the most sophisticated, hard-to-find vulnerabilities. Red Canari’s team is made up of seasoned security professionals with experience assessing a wide range of organizations and applications. From Fortune 100s to public sector clients, online banking to critical infrastructure applications – we’ve done it all and we’re certain we can help your organization raise its security bar! Is your company ready to take our test?

Discover Our Services

Our Services

Our Services

Red Canari is proud to offer the following high quality technical security services to both public and private sector clients.


Red Team as a Service

Your organization’s real world adversaries spend a lot more time testing your organization’s IT security controls and practices than your typical security contractor or professional. At Red Canari, we realized that the value of ad-hoc security assessments for medium to large enterprises is quickly diminishing because of this fact. To address this shortcoming we’ve developed a new and innovative approach to penetration testing – our 365 Red Team service offering.

The 365 Red Team service provides more comprehensive security coverage by perpetually testing your organization’s security controls and practices throughout the year. Red Canari provides a dedicated team of security experts whose main focus is to breach your organization’s perimeter and attempt to access your organization’s sensitive information assets – just like a real world adversary. The 365 Red Team service is the perfect fit for enterprises that wish to assess their security readiness in today’s hostile cyber environment.

learn more

Application Assessments

Our team of application security experts are well versed in web, mobile, and desktop application security. We have over 15 years experience performing application security assessments for clients in the financial, government, healthcare, and retail sectors. Unlike our competitors, our testing approach is far more comprehensive, capable of uncovering some of the most sophisticated and hard-to-find vulnerabilities with little reliance on scanners and tools. We pride ourselves in adopting a highly technical, research-driven, low-level methodology in our assessments.

Once we’ve completed the job, our satisfied customers are provided with a detailed report of our findings and recommendations in a digestable format suitable for both executives and solution developers. Finally, we offer technical support and guidance in the post-assessment/remediation phase to ensure that the recommended safeguards for your application have been properly implemented.

learn more

Enterprise Penetration Tests

With a 100% success rate, our enterprise penetration tests highlight the need for organizations to continuously test their security controls and practices. Our security experts have over 15 years assessing enterprise networks for organizations in the financial services, manufacturing, government, and retail services industry. Our testing methodology mimics the techniques of your organization’s real world sophisticated attacker. Our security experts pride themselves in having the ability to discover zero-day vulnerabilities in core enterprise technologies and exploit them.

Once we’ve completed the job, our satisfied customers are provided with a detailed report of our findings and recommendations in a digestable format suitable for both executives and solution developers. Finally, we offer technical support and guidance in the post-assessment/remediation phase to ensure that your organization’s sensitive information assets are protected.

learn more

Secure Code Assessments

Even in cases where your application has undergone a comprehensive black-box security assessment, there may be instances where a security practitioner or tool may miss a critical vulnerability. This is why it’s sometimes essential to look right at the source – your application’s source code. Red Canari’s team of security experts have helped many of their clients enhance the security of their desktop, mobile and web-based applications.

To provide our customers with better coverage, Red Canari has developed two service offerings in this space. Our first offering is our standard “on-demand” source code review assessment. Our second offering is our unique “as a service” offering which entitles our customers to continuous testing throughout the year. The advantage with our second offering is that it allows our customers to embed the security review process directly into their software development lifecycle.

learn more

Our Clients

Our Clients

Red Canari has had the pleasure of working internationally with many medium- to large-sized organizations spanning across a broad range of industry sectors.


Our threat intelligence framework powers 5 of the top 100 businesses in the world.

Government agencies and departments rely on our expertise to help safeguard their systems.

Our application assessments have helped protect the electronic medical records of millions of patients in the US and Canada.

Our cutting edge security research in core digital banking technology has helped financial institutions protect themselves around the world from potential breaches.

Our intelligence-driven 365 red teaming services have helped protect critical infrastructure systems in Canada and the USA.

Our advisory services have helped law enforcement agencies develop and implement open source intelligence solutions that power their deep web mining and analysis efforts.

Research & Development

Research & Development

Our security experts know their stuff! We have presented at some of the world’s largest security conferences, including DEF CON, BlackHat, and SecTor.

Canari Framework

The Canari framework is an open source open source intelligence framework used by many Fortune 100s to power their threat analytics platforms.

View Project


Presented at DEF CON 23, BurpKit is a next generation plugin that provides one of the most sophisticated integrations of WebKit for the de-facto standard web penetration testing tool, BurpSuite.

View Project



Presented at DEF CON 20, Sploitego is a penetration testing and open source intelligence transform package for Maltego that can be used to quickly identify and exploit an organization’s perimeter and internal network vulnerabilities.

View Project


Coming soon! Pakak is our revolutionary threat intelligence mining and analytics platform that will change the way organizations see security.

View Product