9 September 2021

Cyrex Explained: Our Frequently Asked Questions

During our day-to-day, we get asked a lot of questions about what we do, how we do it, and why clients should choose Cyrex.

We have an FAQ on our games and non-gaming application pages, but we thought it would be useful to go into more detail.

What is a penetration test?

A penetration test is a simulated cyberattack on a system or application. It is an authorized event in which security engineers evaluate the security of the system or application by searching for vulnerabilities. We’ve discussed the differences between penetration testing, bug bounties, and vulnerability scanning before.

But effectively, it is security engineers approaching your system or application like a hacker. Looking for how it could be manipulated or abused. These vulnerabilities are then validated and catalogued for reporting to the client.

At Cyrex, we conduct our penetration tests manually. We don’t rely on any automation tools. Qualitative penetration testing is all about the hands-on experience and expertise. There’s no tool that will pick up half of what our trained security engineers would find.

How much does a penetration test cost?

A penetration test can vary in price. This is determined by several factors.

The number of security engineers assigned. At Cyrex, we always use a pair hacking method. It’s an invaluable method of working, like when we found vulnerabilities in Apple’s system. We typically assign between two and four ethical hackers to your project.

The type of testing. We offer white, grey, and black box packages. The white and grey box services would be more qualitative due to their in-depth nature. While black box is more realistic in approach, it is not recommended. We’ll go into more detail later on this.

Finally, the amount of functionality. We’re looking at API endpoints, sockets, remote procedure calls, everything. Depending on what’s present, the duration of the test changes and this changes its pricing.

If you’re interested about our testing, please get in touch. We don’t throw around quotes and hope they fit your scope. Our ideal scenario is a meeting, exchanging details and documentation so that our team can get a proper insight into your project. From there, we can deliver an accurate proposal for you to consider, one covering all the functionalities present in your application.

Why should I work with Cyrex?

As we said, Cyrex hacks in pairs. Our pair hacking method ensures that nothing gets left unseen. With a minimum of two engineers per project, they can cross-validate and test their findings with each other. This workflow means pair hacking isn’t twice as expensive. It enables us to get same results or better but in half the time.

We’re native cybersecurity engineers. Our teams are specifically trained and working in the security industry. The mindset and background of each of our team is designed for the cybersecurity world.

We don’t test just games, but we are a game focused group. And we’re native players, passionate about gaming and the industry itself.

We’ve been in the industry for many years now, working with leading companies in a variety of industries. See our portfolio to learn more!

Finally, we’re part of a larger group, providing services to the games and entertainment industries. We have the capacity and resources to scale up and cover any project.

What can be tested by Cyrex?

Effectively, anything. Web, mobile (iOS and Android), desktop applications, IoT devices, console and VR applications, anything. No matter the architecture or framework or programming language, Cyrex can adapt.

What are the types of penetration test packages?

As mentioned above, we have three types of testing. They are explained further in depth here, along with penetration testing.

  • Black Box – Most realistic. Black box testing is effectively us testing your application or system with no prior knowledge regarding the target.
  • Grey Box – Most common. We get some key documentation and functionalities. We recommend grey box is the minimum package you should consider.
  • White Box – Most in-depth. This is the highest level of testing, as we receive the full source code and functionality list. We recommend this box as it provides the best outcome.

White box testing is our gold standard. We know how everything works, so it’s rare that we’ll miss a vulnerability. Grey box is very high quality but for us, in terms of security, it’s a compromise. Finally, black box is cheaper initially, but it will take us longer. This is due to the addition of a full reconnaissance phase and discovery of what needs testing.

White and grey box testing are faster overall and higher in quality. They are a cost-effective option, due to the exchange of information and documentation.

We hope these more detailed answers have helped you understand more about Cyrex and our work. The cybersecurity and tech industries are complicated by nature, and we see no reason to add to it.

If you’re interested in our penetration testing services, please get in touch! We also have anonymized security reports of some of our past clients, which are a great example of our reporting methods. Finally, if penetration testing isn’t for you, we also offer other services such as load testing and web development.