Offensive Security Services

The web, API, or mobile application penetration testing aims to assess the in-scope service for vulnerabilities while following testing standards outlined by the Open Web Application Security Project. These include but are not limited to OWASP Top 10 (Web, API, and Mobile) and OWASP Web & Mobile Security Testing Guides. All web, mobile, and API penetration tests are performed as an authenticated user and an anonymous threat actor unless stated otherwise.

Blue Bastion’s penetration testers identify and exploit vulnerabilities using both automated and manual penetration testing Tactics, Techniques, and Procedures (TTPs) and report on the impact using evidence of validation and/or exploitation, as applicable.

We can simulate almost any scenario or threat actor, whether it’s a nation state, insider threat, or user compromised through a phishing email. We’ll work with you to identify weaknesses on your internal network, and provide specific, targeted recommendations for remediating everything we find.

Are you developing a new device? We’ll take it apart, poke it, prod it, and let you know what security flaws we find, along with proof of concepts to show them in action.

Whether adversarial or cooperative, we’ll test your physical infrastructure, to identify methods attackers could use to compromise your internal and external assets. The Blue Bastion team has years of experience performing physical assessments and ethical espionage throughout the public and private sectors.

Physical penetration testing focuses on testing the security of company facilities. These engagements can be done from many perspectives. On one end of the spectrum a tester might engage in social engineering during business hours looking to gain access to information or attach devices to a machine connected to the network. On the other end of the spectrum the tester or team of testers may replicate the threat of a burglar at 2:00 AM that will bypass alarms or perform other actions to achieve objectives. These engagements can replicate almost any attack path to gain access to a building targeting whichever assets are agreed upon.

Do you want to test your internal teams and security procedures? We can perform a stealthy red team assessment to test your people and processes. We can authentically replicate what an advanced attacker would do – without taking down your networks in the process.

Using our team’s offensive and defensive skillsets, we’ll work collaboratively with your team to emulate attacks and validate your controls. We will then help develop improvements based on our assessment as an iterative process. We’ll show you how the attacks were accomplished and how such attacks may be detected. A reassessment will be carried out, to make sure improvements work as expected.

Blue Bastion’s blended threat emulation team utilizes open source and commercials tools to manage the lifecycle of your vulnerabilities and remediations.