Penetration Testing

Know before they know. Stress Test Your Mission Critical Environments.

Full Security Assessment

Leviathan’s services extend beyond the realm of traditional dynamic penetration testing to provide you with a comprehensive review of your security posture on any platform. Our combination of static analysis and dynamic testing can be applied to web applications, native code, network infrastructure, and hardware. Our goal is to help you iteratively improve security with our advice, not just to break in.

Customized Testing

For Leviathan’s team of highly experienced hackers, scanners and playbooks are just the beginning of your assessment. Our team of security researchers will take the time to learn about your application and will find risks that go beyond the OWASP Top 10 and the CWE Top 25.

Actionable Advice

When we find a vulnerability, we work with your developers to find the right solution for your organization. Our vulnerability remediation advice is tailored to your threat landscape, policy requirements, and capabilities.

No Noise

Your team doesn’t need to spend time explaining to us that scanner output is wrong, that patches were applied, or that a vulnerability isn’t exploitable. If it’s in our report, we’ve already checked.

Advanced Tactics

The consultants you work with are security researchers and can develop or adapt tactics, techniques, and practices to your company’s environment. Our internal training and research program helps our team keep up with new developments.

Quality Assurance

Our entire report is reviewed by a senior member of our team to make sure everything is correct and we’re not missing anything. You get the benefit of a long-tenured consultant who’s seen it all.

Leviathan’s Capabilities

 

Software Security Assessment

 

Conduct a collaborative assessment of your application’s security with our hackers. We will take the time to familiarize ourselves with your application, find out the worst that could happen, and check whether there’s a way an attacker could cause it. This type of assessment looks for defense in depth, effectiveness of controls, and implementation of best practice.

 

Attacker Simulation

 

Test your detective controls and incident response by having our hackers break into your environment in a controlled way. Our red team can begin an assessment from an internal vantage point or the public Internet, and take the engagement from discovery to post-exploitation. We’ll debrief your blue team and show them how to make sure the breach doesn’t happen for real.

 

Hardware Security Assessment

 

Send us your device to disassemble and probe in our lab. We can perform firmware reviews, test remote attestation schemes, determine whether secrets on the device are protected, evaluate tamper resistance and hardware authentication, find backdoors, conduct power analysis attacks, and attack radio interfaces. Contact us with your project to see if our capabilities and lab facilities are a match.

 

Web Application Security

 

With decades of experience in web application assessments, our consultants can discover whether your application has kept up with the latest attacks and mitigation techniques in this fast-evolving landscape. We’ll check the OWASP Top 10, and then we’ll go into application-specific detail. We can assist with federated authentication, microservices, APIs, browser-based applications, and almost anything else.

 

Mobile Application Security

 

Leviathan works with leading mobile operating systems and devices, and has the experience to see if an attacker could subvert the functionality of your app. We work primarily on Android and iOS applications and can determine whether they expose users to attack, whether they can be abused by malware, and whether adversaries can learn business secrets from them.

 

Automotive Security

 

Leading researchers in automotive security are part of our team at Leviathan. If you’re worried about your cooperative adaptive cruise control or self-driving capabilities being compromised by an attacker, want to see if your CAN gateway blocks the right things, whether your wireless keys are secure, whether your C-V2X implementation resists injection attacks, or what we can do with access to your SAE J1939 bus, our lab is at your disposal.

 

INDUSTRIES SERVED

  • SaaS


    Helping you meet the demands of your customers. Penetration Testing to Auditing.

  • Healthcare


    From HIPAA Compliance to Security Assessments. We help ensure the privacy of your patients.

  • Finance


    Meet the expectations of your clients and regulators.

  • Internet of Things


    Putting the Security in IOT. Hardware & Software Assessments to supply chain assurance.

  • Enterprise


    Simplify the security of your complex environments. Perimeter Security, Red Teaming, and GRC.

  • Education


    Ensure that your platforms, services, and products protect privacy of your students and faculty.

  • Automotive


    Protect the safety and privacy of your drivers and passengers.

  • Growing Industries


    Protecting the next big thing.