Skip to content

Penetration Testing

Put your cybersecurity to the test

SCHEDULE A CONSULTATION

Cybersecurity is like your health.

You can understand the parts you're made of, how they work, and the risks they face. You might even talk to an expert about the likelihood of an issue.

But you simply don't know until you test.

Penetration tests give you tangible evidence of vulnerabilities in your infrastructure.

The results are factual, not theoretical, and will highlight gaps in your security posture no other service can.

Our security testers have been in your shoes.

We've developed applications for banks and credit unions. We're responsible for secure infrastructure, and we understand the need for third-party testing to appease stakeholders.

We care about this work and your reason for testing. And so we take the time to understand your needs and the relevant threats to your industry.

And most importantly, our red team has a proven track record of identifying exploitable vulnerabilities — before hackers do.

3-3
SCHEDULE A CONSULTATION
1-Oct-20-2022-03-43-18-62-AM

Service Highlights:

  • Tailor your penetration test to your industry's Attacker Motivation and Threat Level

  • Validate your security posture

  • Choose from two reporting formats

  • Extend your service to include Board Presentation Support

Penetration testing provides both compliance and risk-focused benefits, including:

fuchsia-mountains-600x600

Evidence of your infrastructure's vulnerabilities

 

dark-purple-mountains-600x600

Knowledge of where to focus your cybersecurity efforts

 

light-purple-mountains-600x600

Proof that your organization is addressing security concerns

 

SCHEDULE A CONSULTATION

We understand attackers' motivations and their levels of sophistication...

...and this informs Our Process:

  • 01 KICKOFF CALL
  • 02 PENETRATION TESTING
  • 03 REPORT

Kickoff Call

We will hold a Kickoff Call with the appropriate stakeholders to define the attacker's motivation and threat level. We will also verify the desired level of exploitation, attack surface, and reporting detail required.

Then, we will review our Rules of Engagement document, which defines how we will engage and authorizes us to perform security testing on your systems. You must sign this document before we proceed.

Penetration Testing

Our red team will test your infrastructure for vulnerabilities per the identified attacker motivation, threat level, attack surface, and level of exploitation.

Report

We will provide a draft report for your comment and validation.

Then, we will present the final report: either a Memorandum of Findings or a comprehensive Penetration Test Report.

Security-Report-Sample

We offer reporting in two formats:

1. 

MEMORANDUM OF FINDINGS

We provide a list of discovered weaknesses and critical issues in a memo format. This concise report is designed for technical team members who can interpret and act on its findings.

2.

PENETRATION TEST REPORT

This comprehensive report includes an Executive Summary, a list of technical findings, and prioritized recommendations for remediation.

 

We also offer Board Presentation Support to help tell your security story to your Board of Governors.

With cybersecurity, it's better to be proactive than reactive.

And if you have security vulnerabilities in your application or infrastructure, it's much better that they're found by our red team than by malicious attackers.

Whether you need a penetration test for proof, knowledge, or verification, we can deliver the results you require.

SCHEDULE A CONSULTATION

Mirai Security is a process-focused consulting firm based in Vancouver, Canada. We are a dynamic group of cybersecurity experts with decades of experience building and operating security teams for the Canadian government, various critical infrastructure projects, the Vancouver 2010 Winter Olympics, and more.

In addition, we hold a rare engineering designation in the cybersecurity space, so our clients get novel insights and a proper, engineering-style approach to their enterprise network and data security. 

Cybersecurity is a fluid, complex field, and we’ve spent 30 years figuring it out so you don’t have to.