Kestrel Information Security, Inc. is a unique and innovative Information Security consulting firm. Our core specialization is "Security Testing" and "Secure" Systems Development Life Cycles; in other words, Penetration Testing and Risk Remediation.
Be it a web application penetration test, external (internet) based penetration test, or internal (trusted) penetration test, you’ll find this is our strength and, not surprisingly, our 2nd-most popular offering.
At the hardware, software, firmware, radio, and web/cloud infrastructure levels, using either a strictly black-box approach or a more trusted, near-white-box approach, we assess nearly anything connected. This is our specialty.
Having worked on several multi-million dollar development projects and developed “Secure” Systems Development Life Cycles for multiple clients, we are uniquely positioned to bring your systems development to the next level.
At large, international scale or on a lean, small budget, we have built many security programs from scratch, refined others that had stalled or become stagnant, and joined existing teams to establish or grow greater capabilities.
In support of our core competencies, our primary service portfolio also includes Web Application Security Review, Vulnerability Assessments, Compliance Reviews, Security Program Development, Incident Response, Forensics, and Security Research of Emerging Technologies and Threats.
We perform a wide assortment of Web Application Security Assessments. We can follow OWASP (Open Web Application Security Project) or go beyond that or other frameworks.
Using extensive experience in full-stack application development and security assessment methodologies, our approach to this service includes static, dynamic, and analytical components.
In addition to producing courseware on digital and mobile device forensics, we can assess your mobile applications and supporting web/cloud infrastructures.
We are very detail-oriented and enjoy coding. We often perform code reviews to pinpoint vulnerabilities and provide remediation, as well as performing these reviews in support of product lifecycles and development.
Security threat modeling has become an integral part of risk management. Several frameworks can be used, and we can support your efforts.
Do you have a product that you acquired rights to and have no idea how it works? Do you want to interoperate with a technology? Do you want to know how resilient your product is to deconstruction? We perform ethical reverse engineering.
Does your cloud or more traditional networking and infrastructure need an assessment? Are you merging or acquiring technology and need it assessed? We can independently attest to your posture.
Crime and insider risk continue to be a threat. In addition to developing and providing incident response and forensic courseware, we conduct real casework.
Confused by all the compliance and frameworks out there? Or just need some assistance or validation of your implementation? Our security specialists can assist or lead you in reaching your business goals.
We create internal coursework for our services, which we offer to clients as well as use for internal quality assurance and controls. One of the popular requests is conducting security awareness exercises, followed by customized material for your business using those as demonstrations.
Having worked with large manufacturers and many physical computing devices, we can perform a large range of security firmware functions. These include design, validation, code review, and in some cases code engineering.
Do you need to perform a security investigation? Do you need an expert witness? Do you need to hunt down a threat? Our experts can.
We can test your networks for information leakage and evidence of compromise.
We perform policy, implementation, and design review work in the area of encryption.
As a trusted partner, we provide various levels of retainer services (part-time or near full-time resources) to augment and expand your teams' capabilities.
If you are looking for new staff members and need help vetting candidates, we can conduct technical reviews and skill validation for you.
Our adaptable methodologies allow us to create a customized scope based on your budget and testing needs. Be it a “white”, “grey”, or “black” box test, our security professionals will work directly with you to design an appropriate test for your specific requirements.
For over a decade, we have been delivering practical IT Security solutions to our clients and transferring our "know-how" in application to their unique businesses. This includes Fortune 50 businesses, both locally and internationally, throughout the public, private, and government sectors. Some examples include utilities, medical, pharmaceutical, government, banking, academic, retail, and manufacturing, as well as medium and small-sized businesses.
Look to our security experts for strategic guidance and "hands-on" answers to your specific security concerns. Invite us to augment your Information Security efforts. Kestrel Information Security, Inc. understands that "one-size doesn't always fit all", so we provide cost-efficient and, in many cases, custom solutions that simply make good business sense.