VAPT (Vulnerability Assessment/Penetration Testing)

Your company’s systems and networks are constantly being probed for weaknesses. Maybe your company is being specifically targeted by threat actors. More than likely your company is a target of opportunity for an attacker trying to find a way into the network or systems. Our goal is to help you find your weaknesses before an attacker does. 

Vulnerability Scanning 

We use the same state-of-the-art, industry-standard commercial and open-source vulnerability assessment tools, that some of the largest security conscious organizations in the world use, to scan the hosts on your internal and/or external network to identify vulnerabilities.  

Network Penetration Test 

Penetration testing takes the vulnerability scan even further. Our offensive security practitioners complement the automated vulnerability scanning tools with manual techniques to identify vulnerabilities that the typical vulnerability scanner may not be able to identify. 

Web Application/API Penetration Test 

Richter’s offensive security experts are well experienced with performing penetration tests on web applications and APIs according to well-known industry standards like OWASP Testing Guide, OSSTMM and NIST 800-115. We provide practical recommendations for fixing the vulnerabilities that we identify. 

Physical Site Security Assessment 

Our team of offensive security specialists can assess your physical premises for vulnerabilities that could allow an intruder to gain access to your information and systems. We employ a variety of tools such as rogue USB devices, RFID cloner and lockpicks to emulate the techniques that would be used by an actual intruder. 

Wi-Fi Security Assessments 

Our team of offensive security specialists can perform assessments of your Wi-Fi exposure, to identify poorly configured devices, susceptibility to rogue wireless access points, weak Wi-Fi passwords and areas of excessive signal leakage. 

Phishing Campaigns and Other Social Engineering Assessments 

We craft effective phishing campaigns to test your employees’ susceptibility to being “phished”. Upon completion of the phishing campaign, we provide details and statistics of which employees were tricked into clicking the links or opening attachments, so that targeted training can be provided to those who need it the most. 

Active Directory Security Assessments 

Our team of offensive security specialists will leverage a variety of tools to evaluate the overall security posture of your Active Directory. The Active Directory security audit is designed to provide you with specific actionable guidance to mitigate security risks to your Active Directory. The AD security audit focuses on several key pillars, including review of operational processes, review of privileged accounts/groups membership as well as regular account hygiene, and review of the forest and domain trusts. 

Cloud Security Assessments 

For many organizations that are migrating their workloads to the cloud, configuring security parameters may not be intuitive. Even for organizations that have been working with cloud services for many years, they may lose sight due to the complexity of cloud products and services. Richter uses a commercial, agentless solution to scan your cloud footprint and identify misconfigurations, network exposure, secrets, vulnerabilities, malware and interrelationships between assets.