Assurance
At Risk X we pride ourselves on being output-driven with a strong focus on quality and customer satisfaction. All team members are permanently employed and qualified with certifications such as PNPT, OSCP, OSWE, CRTP, OSEP, OSED, CISA, CISM, CRISC, and OSWP. As a CREST-accredited penetration testing service, we bring unparalleled expertise, rigorous methodologies, and industry-recognized credibility to help organisations strengthen their cyber defenses.

Penetration Testing
Risk X’s CREST (7708705-2) accredited penetration testing follows a customised testing framework aligned with NIST SP 800-115, the Open-Source Security Testing Methodology Manual (OSSTMM) and OWASP penetration testing frameworks. Our highly qualified team can deliver various penetration test types including but not limited to:
- Network and Infrastructure Penetration Testing
- Mobile Penetration Testing
- Web & API Penetration Testing
- Code-assisted Web Penetration Testing or Whitebox Code Reviews
- IT/OT Attack Modeling and Penetration Testing
- Wireless Penetration Testing
- Red Teaming and Physical Penetration Testing

Vulnerability Scanning
Our Managed PCI ASV scanning can take care of all your internet-facing PCI ASV scanning requirements. Risk X provides support and remediation assistance, including logging false positives to the ASV vendor.

Cloud Security Assessment
We can perform cloud security assessments against AWS, GCP and Azure cloud environments. Cloud security assessments provide a comprehensive overview of the security for cloud environments with mappings to leading practice security baselines such as NIST and CIS standards.
A high-level overview of the engagement process is as follows:
- IAM policy reviews for overly permissive roles and lack of least privilege enforcement.
- Network configuration security assessment focusing on VPCs, firewall rules, and exposure of sensitive services.
- Key management evaluations to ensure proper encryption key usage, access controls, and adherence to lifecycle and rotation best practices.
- Resource configuration reviews for compliance with encryption, logging, and monitoring standards.
- Examination of cloud-native services such as storage buckets, serverless functions, and containerized workloads for security misconfigurations.