Redpoint Security — Application Security Research & Consulting

Code Security By Coders

REDPOINT
SECURITY

research / testing / Development / training

Our Story.

Founded in 2017, Redpoint Security is an application security consulting firm that is focused on all aspects of code security, whether through process improvement, framework research, or traditional application penetration testing. As speakers, contributors, and developers, our consultants have at least a decade of experience in the information security industry.

Redpoint Security consultants are experts in various application security fields and provide a wide-range of services. Whether you need secure code review (open box assessments), penetration testing (closed box), or process improvement (SDLC reviews), we speak your language. If you are looking for code security expertise to build or break applications, to train developers on secure coding techniques, or to analyze a security program for gaps, we can help.

Security Research, % 90

Security Consulting, % 100

Security Development, % 75

Security Training, % 100

Redpoint Security consultants have assessed applications from across the development spectrum (e.g. Java, .Net, JavaScript, C/C++, Python, Go, Ruby) on a multitude of platforms and technologies (e.g. AWS, Azure, GCP, SAP, Linux, Windows, Salesforce). We are experts in breaking down these custom applications, environments, and platforms to the security basics in order to identify any security issues.

Information Gathering

Redpoint Security starts all assessments striving to understand the application’s purpose and risk. Depending on the activity, this phase may include an initial review of application source code, discussions with developers, a high-level look at application use-cases, and digging in to any application documentation.

Vulnerability Identification

Redpoint Security utilizes data obtained during the information gathering phase to explore all possible security vulnerabilities across the identified application surface. This discovery process is based on industry best practices in combination with our experience and expertise in finding application flaws.

Reporting

Our reports document all vulnerabilities found during the assessment, no matter the associated severity or risk. Each documented finding will describe the issue in full detail with steps necessary to replicate our discovery and include actionable items for remediation.

Services

Redpoint provides a wide range of application security services

Dynamic

Also known as an application security assessments (“ASA”), dynamic assessment, or application penetration test, this assessment evaluates the existing security controls that protect an application within its intended environment. Most commonly performed against web applications, but also against mobile, cloud, and API-only applications.

Static

An open box assessment, static code assesssment, or secure code reviews (“SCR”) is designed to help a Client’s development team build more secure software. This assessment may use both automated tools and manual techniques to identify vulnerabilities and does not require access to client environments.

Hybrid

Also known as a Hybrid Application Security Assessment (“HASA”) or source-assisted assessment, this assessment combines the techniques used in dynamic and static assessments. This combination of knowledge provides a more complete view of the running application, with the main benefit of eliminating false positives.

Training

Redpoint consultants use their years of security and development experience to tailor training courses for software developers. Each course features custom-developed, intentionally vulnerable applications to demonstrate the exploitation and remediation of vulnerabilities. These courses take a hands-on, real world approach.

Team.