Offensive Security

Penetration Testing , New Zealand, Wellington, Auckland, Christchurch, Penetration testing, Pentest, Pen Testing, Pen Test, Red Teaming, Red Team, Purple Teaming, Purple Team, Secure Development Training, Active Directory Security Training, Security Training, Security Services

A proactive approach to identifying and mitigating vulnerabilities before cyber threats can exploit them. We use OSSTMM and OWASP Testing Guide methodologies.

Our Services

Our Approach

Our comprehensive penetration testing methodology:

1

Phase 1
Scoping

  • Schedule a scoping meeting: CONTACT
  • Provide details about the scope of testing
  • Receive the Statement of Work (SoW)
  • Review and sign the SoW agreement
  • Agree on timelines
2

Phase 2
Pre-engagement

  • Confirm scheduling and timelines
  • Provide necessary test requirements such as credentials, URLs, etc
  • Establish communication channels using platforms like Teams, Signal, Slack, etc.
3

Phase 3
Testing & Reporting

  • Tier Zero Security commences testing activities
  • Maintain regular communication throughout the testing phase
  • Draft and peer-review the test report
  • Release of the finalised report
4

Phase 4
Post-engagement

  • Attend a post-engagement session for review and discussion
  • Provide feedback on the engagement
  • Request re-testing as required

Web Application Penetration Test

Ensure the robustness of your web presence through a comprehensive penetration test. Identify and address vulnerabilities to safeguard your website against cyber threats. Our team performs in-depth testing, providing detailed reports and recommendations for improvement. We go beyond surface-level assessments to secure your web assets effectively.

More Details

External Penetration Test

Examine your external-facing systems and networks to proactively identify and fortify potential entry points. Enhance overall cybersecurity resilience by conducting thorough external penetration tests. Receive actionable insights to secure your digital perimeter against external threats. Our team simulates real-world attack scenarios to evaluate your defences and provide strategic recommendations for improvement.

More Details

Internal Penetration Test

Evaluate the security posture within your network environment, uncovering and mitigating vulnerabilities that could be exploited by internal threats. Our internal penetration tests simulate attacks from within, ensuring that your internal network is robust against unauthorised access and potential exploits. Receive comprehensive reports with prioritised recommendations to strengthen your internal defences.

More Details

API Penetration Test

Assess the security of your application programming interfaces (APIs), ensuring they are robust against potential exploits and unauthorised access. Our API penetration tests delve into the intricacies of your API architecture, identifying vulnerabilities that could compromise data integrity and confidentiality. We provide detailed insights to secure your APIs and maintain the trustworthiness of your data transactions.

More Details

Mobile Application Penetration Test

Secure your mobile applications by identifying and rectifying vulnerabilities, safeguarding sensitive data and ensuring a resilient defence against cyber threats. Our mobile application penetration tests encompass both Android and iOS platforms, evaluating the security of your mobile apps comprehensively. Receive actionable recommendations to enhance the security of your mobile applications and protect user data effectively.

More Details

Artificial Intelligence Red Teaming

Evaluate your AI for vulnerabilities, including prompt injection, insecure outputs, hallucinations, and sensitive information leakage. Validate the integrity of training data flow to detect manipulation risks due to inadequate review. Assess the effectiveness of custom guardrails, ensuring they align with intended use and cannot be bypassed. Test the model's resilience against exploitation, such as triggering unintended actions on connected services such as databases. Analyse risks related to model cloning and ensure proper protections are in place to safeguard intellectual property and prevent misuse.

More Details

Wi-Fi Penetration Test

Verify the security of your wireless networks, ensuring they are resistant to unauthorised access and potential exploits. Our Wi-Fi penetration tests assess the strength of your wireless security measures, identifying vulnerabilities that could compromise network integrity. Receive detailed reports with practical recommendations to secure your Wi-Fi infrastructure and prevent unauthorised access.

Source Code Review

Thoroughly analyse your application's source code to identify and address potential security weaknesses. Our source code reviews go beyond automated scans, providing manual analysis to uncover hidden vulnerabilities. Receive detailed reports with code snippets and actionable recommendations to fortify the security of your software applications at the foundational level.

Host Hardening Review

Evaluate and strengthen the security configuration of your host systems, minimising the attack surface and enhancing overall system resilience. Our host hardening reviews focus on optimising server configurations to reduce vulnerabilities and improve resistance against cyber threats. Receive comprehensive reports with step-by-step recommendations to secure your host environments effectively.

Firewall Configuration Review

Assess the effectiveness of your firewall configurations, ensuring they provide robust protection against unauthorised access and potential security threats. Our firewall configuration reviews analyse rule sets, policies, and configurations to identify weaknesses and gaps. Receive detailed reports with recommendations to optimise your firewall settings for enhanced security and threat prevention.

Device Configuration Review

Examine and optimise the security configurations of your devices to prevent potential vulnerabilities and fortify your overall cybersecurity infrastructure. Our device configuration reviews cover a range of devices, from endpoints to network devices. Receive comprehensive reports with prioritised recommendations to ensure the secure configuration of all devices in your IT ecosystem.

Design Review

Evaluate the security architecture and design of your systems, identifying and rectifying potential weaknesses to ensure a robust and resilient security posture. Our design reviews assess the overall security framework, ensuring that your systems are designed with security in mind. Receive detailed insights and strategic recommendations to fortify the design of your IT infrastructure against evolving cyber threats.

Phishing Exercise

A phishing exercise is a simulated cybersecurity test in which organisations create fake email messages or other online communications to assess their employees' susceptibility to phishing attacks. The goal is to educate and train individuals on recognising and avoiding deceptive tactics employed by cybercriminals, ultimately enhancing overall cybersecurity awareness within the organisation. These exercises help reinforce your company security protocols and reduce the risk of falling victim to real phishing threats.

Ready to test your security posture?

Our comprehensive penetration testing services help identify vulnerabilities before attackers can exploit them.

Request Assessment

Contact

Get in touch