Real World Testing
Red team tactics are invaluable when it comes to helping organizations understand the breadth of their attack surface. While smaller organizations may be able to focus on just certain areas, larger clients and organizations become increasingly targeted as they grow in size and industry. Utilizing red team tactics through comprehensive testing can help these types of organizations demonstrate how real-world attackers could penetrate networks and access sensitive data.
Red Team to the Rescue!
Comprehensive Red Team Tactics
- Reconnaissance
- Scope Verification
- Exploitation
- Reporting

Reconnaissance

Scope Verification

Exploitation

Reporting
Testing Credits
Shifting left is critical to the continued security in organizations. Most development is made better by moving security earlier in the process. But the traditional penetration testing of web applications and APIs doesn't fit well in the earlier stages of the software development lifecycle (SDLC).
Secure Ideas has created a process of testing credits to help solve these issues (especially when paired with SASTA). An organization can purchase credits to use over the next 24 months. Combined with a self-scoping system, these credits allow an organization to work with Secure Ideas within their development processes.
Scoping
Scope depends on the size of the organization. Larger organizations have larger attack surfaces, so these kinds of engagements can be more expensive. Using a random sampling of specific areas of the organization can help to keep costs down, but may not provide a comprehensive study of the organization’s attack surface.
Our pricing for this service is calculated from the estimated effort that was scoped and our daily rate. Some testing may require off-hours testing (for example, a physical break-in attempt). 10% of the overall price is added to the cost of the engagement for this purpose.
*Any tools which have not been provided by the client may be added to the cost of the engagement as well.