We recon, hack and protect your website

Vulnerabilty Assessment

Vulnerability scanning using commercial and open source scanning tools. This task is performed by running an application [called as the vulnerability scanner] on the website and sometimes includes a range of manual testing with additional tools to further evaluate the security of applications to verify vulnerabilities discovered by the scanning tools.

Web App Penetration Test

Vulnerability discovery through automatic, manual, and custom techniques and Vulnerability exploitation and pivoting to other resources.

A pentest is often broken down into the following phases:

1. Reconnaissance

2. Scanning and enumeration

3. Exploitation (gaining access) and Post-exploitation (maintaining access)

4. Covering tracks

Bug Bounty

Many vendors and websites run bug bounty programs, paying out cash rewards to white hat hackers who report security holes that have the potential to be exploited.

Bug Bounty is also offered by the Invalid Web Security team and reward amounts will vary based on the severity of the reported vulnerability.

Network Pentration Test

The main objective for a network penetration test is to identify exploitable vulnerabilities in networks, systems, hosts and network devices (ie: routers, switches).

Including Re-Testing (re-test the vulnerabilities to verify fixes in network)

Post completion of the activity, a detailed report will be submitted to the client. The report format will be as under:

1. Executive Summary

2. Security Testing Methodology

3. Technical Reports

4. Engagement

Peter Christopher - CEO at CF Security

Jayson is very capable of finding obvious and subtle security holes and reporting them in a way that a programmer will know how to reproduce and patch those holes. You can trust him, and you will benefit from any time he dedicates to your project.

Nick Sweeting - DrChrono, Developer

Out of all the researchers who have been submitting bug reports to drchrono, Clifford is by far the highest quality reporter. He consistently provides clear, concise, hand-written reports, and works with us to get them resolved quickly. When me make changes or suggestions to reports, he's responded quickly and personally to every one of them. He is a true security researcher, he cares about security of the product more than the bounties, which is why we've happily given him so many of them.

Ivan Leichtling - Yelp Security Team

As part of Yelp's private bug bounty, Clifford has been a huge help. He's uncovered serious bugs that scanners, penetration testers, and our own engineering team didn't discover.

Corina Mansueto - Director of Social Media & Customer Service at Lavasoft

Evan assisted in identifying a vulnerability on our website. He was extremely easy to work with to have this issue resolved in a timely and professional manner. Thanks for all your help Evan, we greatly appreciate it.