Red Canari is proud to offer the following high quality technical security services to both public and private sector clients.
Red Team as a Service
Your organization’s real world adversaries spend a lot more time testing your organization’s IT security controls and practices than your typical security contractor or professional. At Red Canari, we realized that the value of ad-hoc security assessments for medium to large enterprises is quickly diminishing because of this fact. To address this shortcoming we’ve developed a new and innovative approach to penetration testing – our 365 Red Team service offering.
The 365 Red Team service provides more comprehensive security coverage by perpetually testing your organization’s security controls and practices throughout the year. Red Canari provides a dedicated team of security experts whose main focus is to breach your organization’s perimeter and attempt to access your organization’s sensitive information assets – just like a real world adversary. The 365 Red Team service is the perfect fit for enterprises that wish to assess their security readiness in today’s hostile cyber environment.
Our team of application security experts are well versed in web, mobile, and desktop application security. We have over 15 years experience performing application security assessments for clients in the financial, government, healthcare, and retail sectors. Unlike our competitors, our testing approach is far more comprehensive, capable of uncovering some of the most sophisticated and hard-to-find vulnerabilities with little reliance on scanners and tools. We pride ourselves in adopting a highly technical, research-driven, low-level methodology in our assessments.
Once we’ve completed the job, our satisfied customers are provided with a detailed report of our findings and recommendations in a digestable format suitable for both executives and solution developers. Finally, we offer technical support and guidance in the post-assessment/remediation phase to ensure that the recommended safeguards for your application have been properly implemented.
Enterprise Penetration Tests
With a 100% success rate, our enterprise penetration tests highlight the need for organizations to continuously test their security controls and practices. Our security experts have over 15 years assessing enterprise networks for organizations in the financial services, manufacturing, government, and retail services industry. Our testing methodology mimics the techniques of your organization’s real world sophisticated attacker. Our security experts pride themselves in having the ability to discover zero-day vulnerabilities in core enterprise technologies and exploit them.
Once we’ve completed the job, our satisfied customers are provided with a detailed report of our findings and recommendations in a digestable format suitable for both executives and solution developers. Finally, we offer technical support and guidance in the post-assessment/remediation phase to ensure that your organization’s sensitive information assets are protected.
Secure Code Assessments
Even in cases where your application has undergone a comprehensive black-box security assessment, there may be instances where a security practitioner or tool may miss a critical vulnerability. This is why it’s sometimes essential to look right at the source – your application’s source code. Red Canari’s team of security experts have helped many of their clients enhance the security of their desktop, mobile and web-based applications.
To provide our customers with better coverage, Red Canari has developed two service offerings in this space. Our first offering is our standard “on-demand” source code review assessment. Our second offering is our unique “as a service” offering which entitles our customers to continuous testing throughout the year. The advantage with our second offering is that it allows our customers to embed the security review process directly into their software development lifecycle.
Red Canari has had the pleasure of working internationally with many medium- to large-sized organizations spanning across a broad range of industry sectors.
Our threat intelligence framework powers 5 of the top 100 businesses in the world.
Government agencies and departments rely on our expertise to help safeguard their systems.
Our application assessments have helped protect the electronic medical records of millions of patients in the US and Canada.
Our cutting edge security research in core digital banking technology has helped financial institutions protect themselves around the world from potential breaches.
Our intelligence-driven 365 red teaming services have helped protect critical infrastructure systems in Canada and the USA.
Our advisory services have helped law enforcement agencies develop and implement open source intelligence solutions that power their deep web mining and analysis efforts.
Research & Development
Research & Development
Our security experts know their stuff! We have presented at some of the world’s largest security conferences, including DEF CON, BlackHat, and SecTor.
The Canari framework is an open source open source intelligence framework used by many Fortune 100s to power their threat analytics platforms.
Presented at DEF CON 23, BurpKit is a next generation plugin that provides one of the most sophisticated integrations of WebKit for the de-facto standard web penetration testing tool, BurpSuite.
Presented at DEF CON 20, Sploitego is a penetration testing and open source intelligence transform package for Maltego that can be used to quickly identify and exploit an organization’s perimeter and internal network vulnerabilities.
Coming soon! Pakak is our revolutionary threat intelligence mining and analytics platform that will change the way organizations see security.