Whitebox Testing

What? Whitebox testing is a method of testing software where the tester has access to the internal structure and design of the code being tested. This type of testing is also known as "clear box testing" or "glass box testing."

How? Whitebox testing involves testing the code at the unit level, as well as the integration of the units. This includes testing individual functions, methods and classes, as well as the interactions between them. Testers use a variety of tools such as code coverage analysis, static code analysis, and dynamic analysis to test the code.

When? Whitebox testing is usually done during the development phase of the software, before it is released to the end-users. It is an ongoing process that is done throughout the development cycle to ensure that the code is free of bugs and that it meets the requirements and specifications. It is also done after the release to ensure that the software is stable and reliable.

Perimeter

What? A scenario-driven testing approach to simulate remote attackers aiming to breach perimeter defenses via remote infrastructure weaknesses or via targeted attacks against user end-point systems.

How? We learn the current threat model, agree on scenarios to simulate with time-limits and terms, then play each out, documenting observations, findings, and countermeasures. Scenarios can include: Network Perimeter Attacks: Perform OSINT and map internet attack surface then attempt to gain access to sensitive system data or establish a network foothold. Phishing Simulations: Measure specific security controls and awareness training for users and high-value targets (spear-phishing campaigns) that could result in compromised credentials and malware.

When? Periodically (e.g. quarterly, bi-annually) to incrementally measure and improve defences; Ad-hoc to verify major infrastructure changes; Annually to get the most out of penetration testing obligations.

Assumed Breach

What? A scenario-driven testing approach to simulate attackers who have already breached the perimeter defenses and are attempting to move laterally through the network and gain access to sensitive data or systems.

How? We work with network engineers and security operations teams to understand the current threat model and agree on specific scenarios to simulate, such as attempts to elevate privileges, exfiltrate data, or establish persistence on compromised systems. We then play out the scenario, documenting observations, findings, and countermeasures.

When? Ad-hoc, to verify major infrastructure changes or to test incident response plans; Annually, to measure and improve defenses; or as needed, to simulate specific threat actors or attack scenarios.

DevOps Consulting

Our consultants will work with your team to understand your unique needs and develop a tailored DevOps strategy that will help you speed up software development and delivery. We will take the time to understand your current processes, systems and pain points, and work with you to identify the areas that can be improved. Our team has a deep understanding of the various DevOps practices, tools and methodologies and will provide guidance on the best approach for your organization. Our goal is to help you implement a DevOps strategy that is tailored to your specific needs and that will enable your organization to deliver software faster, with higher quality and greater reliability. We will work closely with you throughout the entire process, from assessment to implementation, to ensure that the outcome aligns with your objectives and that you are fully satisfied with the results.

Automation

We can help you automate your software development and deployment processes, reducing the time and effort required to deliver updates and features. Automation helps to eliminate repetitive manual tasks and ensure consistency across your environment. This can help to reduce the risk of human error, increase efficiency and speed up your software development and deployment process. Our team of experts can also help you in implementing continuous integration and delivery (CI/CD) practices, which automate the testing, building and deployment of software. This enables more frequent and predictable releases and faster detection and resolution of issues.

Infrastructure as code

We can help you manage your infrastructure using code, allowing for faster and more efficient deployment and scaling. This includes implementing infrastructure as code practices, which allow for version control and easy rollbacks of changes, as well as the use of automation tools to streamline the deployment process. Our team can also assist in implementing configurations management solutions such as Ansible, Chef, Helm, and Terraform. This will help in ensuring consistency and standardization across your environment, making it easier to manage and scale in the long run.

Continuous integration and delivery

We can help you implement continuous integration and delivery (CI/CD) practices, allowing for faster and more frequent software delivery. This includes setting up automated testing, building and deployment pipelines, and utilizing tools such as ArgoCD, Jenkins, Bitbucket, and GitLab CI/CD. Implementing CI/CD practices allows for faster detection and resolution of issues, as well as more frequent and predictable releases. Our team can also help in implementing automated monitoring and alerting, to ensure that the software is working as expected and quickly identify any issues that arise.