Assurance

Penetration Testing
Risk X’s CREST (7708705-2) accredited penetration testing follows a customised testing framework aligned with NIST SP 800-115, the Open Source Security Testing Methodology Manual (OSSTMM) and the OWASP penetration testing frameworks. Our highly qualified team can deliver various penetration test types, including but not limited to:
- Network and Infrastructure Penetration Testing
- Mobile Penetration Testing
- Web & API Penetration Testing
- Code-assisted Web Penetration Testing or Whitebox Code Reviews
- IT/OT Attack Modeling and Penetration Testing
- Wireless Penetration Testing
- Red Teaming and Physical Penetration Testing

Vulnerability Scanning
Internal vulnerability scanning, facilitated ASV external vulnerability scanning… Risk X offers a managed vulnerability scanning service (through an Accredited Scanning Vendor partner) conducted by a dedicated team of skilled individuals.

Cloud Security Assessment
Risk X can perform cloud security assessments against AWS, GCP and Azure cloud environments. A cloud security assessment provides a comprehensive overview of the security of a cloud environment, with mappings to leading-practice security baselines such as NIST and CIS standards.
A high-level overview of the engagement process is as follows:
- IAM policy reviews for overly permissive roles and lack of least privilege enforcement.
- Network configuration security assessment focusing on VPCs, firewall rules, and exposure of sensitive services.
- Key management evaluations to ensure proper encryption key usage, access controls, and adherence to lifecycle and rotation best practices.
- Resource configuration reviews for compliance with encryption, logging, and monitoring standards.
- Examination of cloud-native services such as storage buckets, serverless functions, and containerised workloads for security misconfigurations.