No two organizations are identical, which is why all of our services are tailored to meet your organizations unique needs. We’re entirely a cyber security testing and training company, which means that there is no implicit vendor bias and our testing is always impartial and free of any conflicts of interest.
- Network penetration testing
- Application penetration testing
- SaaS & Cloud
- Social engineering (Phishing, Vishing, In-Person)
- Red team
- Embedded device testing
- Radio Frequency and Protocol analysis
- Internet of Things (IOT)
- Smart Grid security
- Industrial Control Systems (ICS)
- Web Application Vulnerabilty Assessment
- API Testing
- SaaS & Cloud
- Source Code Review
- Thick Client Assessment
- AppTrust Application Certification
- Agile SDLC Integration and Testing
- Mobile Device Application Testing
- Mobile Application API
- Source Code Review
What to expectFrom the very start of engaging FYRM, you will be assigned a lead project point of contact who will guide you throughout the entire process. Your point of contact will serve as both the project manager and your senior technical resource for the engagement. The project manager and all team members will possess at least one industry certification (OSCP, CISSP, CISM, GPEN, etc.)
An engagement typically consists of scope confirmation, a kickoff meeting, weekly or more frequent status updates, knowledge transfer, report delivery, an optional re-testing period and a final outbrief. We encourage client staff to observe and monitor the testing process to learn from our experience, approach and methodology.
Downtime ReductionThrough a variety of methods, we make every effort to reduce downtime and impact to production environments. FYRM will tailor its testing where possible, while informing you of any reduction in testing effectiveness or increased risk exposure.
Frequent CommunicationStatus updates are provided on a weekly basis, at minimum. Depending on the nature of the test, if any high risk issues are discovered, FYRM personnel will notify client staff immediately. To assist in remediation activities, will share detailed exploit "walk-throughs" which demonstrate all steps required to replicate the exploit.
Accuracy and QualityUpon completion of technical testing and prior to report delivery, all deliverables undergo a thorough internal peer review process to ensure all testing is thorough, consistent and accurate. Relying on our ISO/IEC 17020:2012 accredited quality system, our testing is accurate and repeatable.
Testing MethodologyFYRM conducts assessments utilizing our SAVE methodology. The SAVE methodology is based on industry regarded best practices and standards to ensure each engagement is performed in an efficient, consistent, and thorough manner. Specifically, the SAVE methodology provides a simple and repeatable process that incorporates NIST SP800-115, ISSAF, OSSTMM, and OWASP principles.
SurveyFYRM Associates will review the target environment's architecture and determine an optimal plan of attack. Depending on the engagement goals, FYRM may perform open source intellegence and information gathering. FYRM will utilize a combination of manual techniques and automated tools to map and assess your environment in the most efficient manner. From simple environment footprinting, vulnerability testing, discovering 0-day vulnerabilities and cross referencing scan data from all sources, the Survey phase provides accurate results that eliminate false positives and prevent false negatives.
AnalyzeFYRM Associates evaluates each vulnerability identified during the Survey phase on an individual and combined basis in order to identify potential attack vectors. Each vulnerability is also analyzed according to the Common Vulnerability Scoring System (CVSS) to determine the corresponding severity scores as they relate to your organization. The attack vectors are analyzed and assigned a risk rating by calculating the exploitability of the vulnerabilities, attack probability, and impact to your organization. The combination of vulnerability severity scores and attack risk ratings provides your organization with an accurate portrayal of the environment’s overall information security posture.
FYRM Associates also performs “Root Cause” analysis to determine how the vulnerability was introduced in the environment. The result of FYRM Associates’ in-depth analysis is a prioritized Vulnerability Remediation. Your remediation efforts are reduced and simplified by our collaborative severity scores and risk ratings, Root Cause analysis, and Vulnerability Remediation Roadmap.