
Think Like a Hacker

ADVANCED PENETRATION TESTING SERVICES FOR ENHANCED SECURITY
Bad Rabbit Security offers a range of rigorous penetration tests customized to suit an organization’s needs, including full Red Team exercises and black box testing. After conducting reconnaissance against a company, our CREST-accredited penetration testers and CEH Certified Ethical Hackers carry out simulated “real world” attacks against the client’s infrastructure, both from the internet and from inside the network. Within the agreed rules of engagement, we attempt to exploit the vulnerabilities found using custom and open source tools, escalate privileges and exfiltrate information.

Bad Rabbit Security carries out automated tests using commercial and open source tools, combined with manual testing techniques. During Red Team exercises our operatives also attempt to gain physical access to buildings and restricted areas using social engineering, to expose failings in facilities security, staff training, policies and procedures.

Bad Rabbit Security follows the Open Source Security Testing Methodology. Staged progress reports are communicated to the client during testing, and on completion we present a full report comprising an executive overview in plain English plus full technical details, recommendations, lessons learned and mitigation strategies.

Secure Code Review

Static Application Security Testing (SAST) performs “offline” analysis of source code. When used together with automated tools and manual penetration testing, code review is probably the single most effective technique for identifying security flaws.

Bad Rabbit Security’s code review is the process of auditing an application’s source code to verify that the proper security controls are present, that they work as intended, and that they are invoked in all the right places.

Web Application Testing

Web applications are complex pieces of software that are exposed to the public internet and present a unique risk to businesses. Web application testing enables Bad Rabbit Security to help clients identify vulnerabilities in their web apps that could allow attackers to compromise their networks.

Dynamic Application Security Testing (DAST) is a method of security testing in which a running instance of an application is actively tested and probed using real traffic and requests. Also known as ‘black box testing’, DAST tools have no access to server-side code; they attempt to identify potential vulnerabilities in the application using much the same methods and access perspective as a manual, real-world attacker would, namely via its public interface.

DAST mirrors the way a penetration tester approaches an attack: it first identifies injection points (paths or pages designed to receive and process data, such as contact forms), then sends payloads (crafted sets of data designed to trigger malicious behaviour) to the application, and finally analyses the response.

Bad Rabbit Security can scan and test your Single Page Apps (SPAs) and APIs, including Swagger (OpenAPI), GraphQL and SOAP endpoints, for security flaws using our browser-based crawler. We take a first-principles approach to vulnerability detection and are therefore technology-agnostic, not bound to any platform or framework. Dynamic fuzzing gives visibility of the true attack surface.

Bad Rabbit Security uses the OWASP Testing Framework and can provide custom assessments for unique web applications.
