Professional Services

Cybersecurity Penetration Testing

Identify vulnerabilities and test your security systems with our industry-leading cybersecurity penetration testing and assessment services.

Can Your Defenses Withstand Our Penetration Testers?

Get unrivaled transparency into the testing process with our cybersecurity pentesting and assessment services. With a focus on critical infrastructure networks, applications, and embedded devices:

We find what automated tools miss.
We mimic the most determined and sophisticated attackers.
We map and find high-risk attack patterns.

And you’ll get more than a standard report. We stand by our results and help fortify your organization against the next potential cyber attack.

Talk to an Advisor

A man on a phone and working with a laptop

Configuration Testing

Assess component configurations, such as third-party software, Infrastructure as Code, and platform and operating systems, to identify vulnerabilities requiring mitigation.

Threat-led Penetration Testing

Test your security program with threat scenarios, vulnerability testing, threat modeling, and pentest simulations that involve varied levels of sophistication and exploitations to create a prioritized remediation action plan.

Vulnerability Scanning

Combine internal and external vulnerability scanning to identify gaps in your network services that could be exploited by insider or external threat actors.

We were the firm trusted to test the largest, most dangerous connected medical device ever manufactured.

100+ Years Combined Experience Pentesting Critical Infrastructure

Plus 100s of engagements at major critical infrastructure organizations.

With our cross-discipline expertise and holistic understanding of all product components, we’re able to link and chain vulnerabilities across disciplines and develop virtual threat models unique to the product at-hand.

Application

Test application functionality — web or local — across all use cases, work flows, and roles, identifying and stacking vulnerabilities to determine how impactful the threat is.

Platforms

Test a platform, such as an OS powering an embedded device or physical component, local infrastructure platforms, and cloud-based environments.

Networking/Comms

Test wired or wireless, end-to-end, ingress/egress network communications and services, including the physical and application communication layers and payloads.

Hardware

Test physical hardware supporting an embedded device or physical component, such as physical interfaces, board-level memory chips and processors, debugging pins, and firmware.

Put Your Security Program to the Test

Ready to identify your most likely threat vectors and develop a pragmatic remediation plan to best secure your organization?

Plan a Pentest

Trusted to test the largest safety systems in the United States.

Advisories

We Track Down Zero-Day CVEs

Our cybersecurity researchers have identified and disclosed multiple zero-day Common Vulnerabilities and Exposures (CVEs) in networks, devices, and related software.

View more advisories

Verizon MiFi Invalidated CSRF Token for File Uploads

Impact: High

Verizon MiFi Escalated Privileges through Backup Restore Function

Impact: Medium

HtmlImport Unauthenticated Remote Code Execution

Impact: High

Services

Reinforce Gaps Identified in Your Security Assessment

Our cybersecurity services help you address urgent and long-term security goals for your organization.

Professional Services

Build a strong security program with our professional cybersecurity services.

Application Security

Protect the integrity of applications, firmware, or operating systems with third-party component analysis and application security support.

Architecture & Design

Build a secure foundation for your organization with layered security that covers endpoints, networks, data, and people.

Risk & Regulatory

Comply with industry security standards and address risk systematically with risk management services.

CISO Advisory

Partner with our CISO advisory team to enhance your cybersecurity leadership practice and strengthen your communication.

Managed Services

Focus on strategy by leveraging our ongoing managed cybersecurity services.

Detection & Response

Offload threat detection and response protocols to an experienced team of security professionals.

SBOM Monitoring & Analysis

Identify and reduce risk in the software supply chain with managed SBOM monitoring and analysis.

Engineering Support

Maintain the security infrastructure of your organization with a team experienced in operating cybersecurity systems.

Product Security

Ship secure products designed end-to-end with the security of you and your customers in mind.

Insights

Get the Latest Security Insights

Our security experts regularly share insights and updates from the field. View more Insights

Cyber Health: Lessons for Cybersecurity from COVID-19

Cybersecurity Trends and Insights

Much has been written about how COVID-19 has impacted cybersecurity during 2020, from heightened cybersecurity threats to foundationally challenging business resiliency. However, there are other lessons for cybersecurity which are unnoticed or under-emphasized. Swiss...

“What Could Possibly Go Wrong?” Attending MDIC’s Threat Modeling Bootcamp

Cybersecurity Trends and Insights

Last week, the Medical Device Innovation Consortium (MDIC) held the first of two planned bootcamps where medical device manufacturers, health delivery organizations, cybersecurity subject matter experts, and the FDA came together to learn and discuss all things threat...

Threats and Solutions to Wide Body Area Networks

Architecture and Design, Threats and Vulnerabilities

The healthcare industry is under continuous attack with cybercriminals targeting poorly controlled medical devices (Schiano, Sharman, and McClean, 2018). In the first two months of 2018, 24 healthcare organizations reported data breaches affecting over 1,00 patients...

You Can’t Fix What You Don’t Measure

No organization is 100% secure. Identify your critical infrastructure vulnerabilities and launch your remediation action plan with Level Nine.

Contact Us