Know Your Areas of Weakness
Improve the cyber resilience of your systems, networks, and applications through worldclass pen testing.
Reflare’s strategic alliance with Dot.Bit delivers cost-effective penetration testing for your technologies and teams. Our integrated training and audit offering helps you achieve your security requirements.
Who is Penetration Testing for?
Penetration testing is for organisation who are proactively looking to strengthen the resilience of their technology.
Penetration testing a systematic process of probing for vulnerabilities in your networks and applications. It is essentially a controlled form of hacking — the ‘attackers’ act on your behalf to find and test weaknesses that criminals could exploit. Experienced penetration testers mimic the techniques used by criminals without causing damage. This enables you to address the security flaws that leave your organisation vulnerable.
Performing regular penetration tests is critical for complex systems. While a lot of security can be designed into an infrastructure plan, it is impossible to think of everything. Even large organisations often reinforce their gates while leaving the proverbial backdoor wide open.
Penetration testers come without the baggage of system knowledge that your IT team has. They don’t assume something will work in one way or another. They test it out and try to break in.
How Do We Help?
We are here to help you test your environment, identify the vulnerabilities before everybody else does and make sure you stay protected in this manner.
The value of penetration testing;
- Practical rather than theoretic security testing,
- Very close to what real attackers would do,
- Finds vulnerabilities that developers and administrators did not consider,
- Finds vulnerabilities that exist between components, and
- Serve as a drill for a real cyber-attack.
The exact scope and risk level of a penetration test needs to be adjusted on a case-by-case basis. Some companies wish to only be exposed to a light attack with plenty of safeguards in place. Others wish to experience the same brunt that a real attacker brings to the table. Both approaches have benefits and drawbacks and our team will gladly walk you through the discovery process to find what is right for you.
At the end of a penetration test you are provided with a test report listing steps taken and issues found. Your IT team can use it to improve your overall security and make sure that criminals can no longer exploit the same vulnerabilities.
Overall, penetration testing is one of the most cost-effective and thorough measures you can take to improve the security of your organisation. Pen testing is at it most effective when complimented with vulnerability assessments.
User Testing
A key part of penetration testing is to continuously test and train the technical users who operate your networks and systems. Reflare’s Certified Secure (RCS) user training programs ensure your training requirements are implemented with ease.
RCSD Curriculum
(Reflare Certified Secure Developer)
-
Runs in the cloud
All of the lessons and challenges run entirely on Amazon's AWS infrastructure. This means we can scale to any number of users and you don't need to install any software.
-
User-Centric design
After every practical video lesson, trainees must complete the demonstrated attack or defence technique in a live VM environment to advance. No final exams, tedious cramming, or multiple-choice questions. Just effective study and real-world experience in writing more secure code.
-
Per user licensing
You can buy additional training licences to expand your organisation’s IT security capabilities beyond immediate compliance requirements. No hidden fees or yearly costs for content updates. You decide if, and when you want to retrain specific team members.
-
Anyplace, anytime
Allow your users to train at a time that suits them. On site, on the road or at home, all that is required is an internet connection in a modern HTML5 browser.
-
Track progress
Add your trainee, set your completion date, and leave the rest to us. We take care of trainee commencement, tracking and deadline reminders. Your easy-to-use admin interface allows you to track group and individual developers' progress.
| RCSD Lessons for Developers - Stage A |
|---|
| Lesson 1: Introduction & How-To |
| Lesson 2: Input Validation - Cross-Site Scripting (XSS) |
| Lesson 3: Client Side Input Validation |
| Lesson 4: Input Validation - SQL Injection (SQLi) |
| Lesson 5: Input Validation - Command Injection (CMDi) |
| Lesson 6: Input Validation - File Uploads |
| Lesson 7: Input Validation - Remote File Inclusion (RFI) |
| Lesson 8: Forced Browsing |
| Lesson 9: Directory Traversal |
| Lesson 10: Authentication |
| Lesson 11: Session Management |
| Lesson 12: Authorization |
| Lesson 13: Sniffing, MITM & SSL |
| Lesson 14: Open Redirects |
| Lesson 15: Cross-Site Request Forgery (CSRF) |
| Lesson 16: Information Leakage |
| Lesson 17: Browser Security Measures |
| Lesson 18: Simple Scanner Usage |
| Lesson 19: Closing Thoughts |
| RCSD Lessons for Developers - Stage B |
|---|
| Lesson 1: XPath Injection |
| Lesson 2: Buffer Overflows |
| Lesson 3: Secure Cryptographic Storage |
| Lesson 4: Encrypted Databases |
| Lesson 5: Logging |
| Lesson 6: Environment Separation |
| Minimum time commitment to complete RCSD training: 4 hours. |
|---|
Advantages and Benefits
Our world-class penetration testing compliance solutions aim to keep your systems secure.
Mitigate Flaws
Almost every application has had flaws. While most applications perform exactly as intended, the implementation of appropriate security protocols are often overlooked. Our extensive penetration testing increases transparency and traceability by enabling your organisation to monitor the current state not only of your applications but your entire IT, regardless if it runs on-premises or is cloudbased. We manage the implementation of the necessary technical solutions that protect your business from security breaches or exploitation.
Increase Resilience
As the world evolves with digital transformation and innovation, and through expanding adoption of technologies like cloud and IoT, access to your data and keeping your data safe becomes a growing challenge. Building and maintaining information systems resilient to overwhelming threats and malicious actors becomes vital in sustaining your business. Reflare and Dot.Bit have teamed up to help you with precisely that, and our experts will show you just how secure your business really is.
Build Capability
Your developers hate their current IT security training. Don’t believe us? Just ask them! Most training platforms are static, tedious and end in a multiple-choice test devoid of any real-world application. For most users, security training programs are a nuisance, not a chance to improve their skills. Investing in your users is key to delivering meaning for IT security, and RCS training ensures ongoing talent compliance while remaining focused on trainee experience and applicability.
Reflare partners with leading organisations such as...
Get Started
Ready to learn more? We are here to help!
Message our team to book a virtual consultation.
Send us a direct message from your email account.
Please include the nature of your inquiry and contact
method you would prefer us to use to respond.
Email Us
To begin the proposal process, simply click below to access our enquiry form,
select your compliance requirements,
and one of our team members will be in touch
Get Started