While we understand the reluctance to share internal workings, designs, and methodologies, the Cyrex team believe that transparency is the key to growth and improvement. That is our intent behind these lovingly crafted security reports. By sharing what our security work involves, with our penetration tests and security audits, we can show our clients exactly how we work and what they will get.
What do these Security Reports mean?
We’re not shy in sharing these. The Cyrex team are confident in their delivery of gold standard cybersecurity and we’ve put a great deal of work into developing these comprehensive and extensive security reports. In these reports, you will see exactly what our consultancy and security audits consist of. You will also see the suggestions and effort put into post-engagement solutions. These reports are completely anonymised, but they are entirely real security engagements we have conducted in the past. Presented now in an abstract representation, you will get a real and clear look into the engagement without compromising the team involved. By consulting these reports, you will see the quality of service we offer, what kind of vulnerabilities we find, the remedies we offer, and the methodologies that we use.
What type of Security Reports are available?
We have launched this resource with four different types.
- Web apps
- Mobile apps
- Desktop apps (typically PC games, anything with a .exe or a game launcher on Mac or Windows)
- Blockchain apps
What is in the Security Reports?
Should you receive these reports from an actual security engagement, your security team would have absolutely everything they need to tackle discovered vulnerabilities, understand what we found, and our own recommendations on remedying the vulnerabilities to best security practices. In downloading these reports, you are receiving an anonymised version of the above. We’re proud to say that after we deliver these reports, there is little to no need for follow-up questions or clarifications from our clients. We want to deliver excellence wrapped in a bow with a level of detail that leaves nothing to your team’s imagination. With these reports, we promise a happy group of security engineers given the breadth and length of what is included. As a summary, you can expect the below in every one of these reports:
Executive Summary
Our security engineers provide a broad look and explanation of the engagement that the report was created from. We explain why the test was conducted and what the goals were as well as any specific efforts of our team over the course of the engagement.
About Cyrex
A brief paragraph about Cyrex, the work we do, and how we deliver a gold-standard service in cybersecurity.
Scope of Engagement
This is a deeper look into the engagement. It expands on the introduction and includes what actions our security engineers took and what actions were taken over the course of the penetration test life cycle. It also includes any additional hosts, IPs, and components that were included in the tested scope.
Risk analysis
This section describes and explains our ‘Risk Assessment’ system which is based on the ‘Common Vulnerability Scoring System’. Once finished with this section, you will have a clear understanding of the numerical value assigned to each vulnerability based on its severity. Within you will also find a clear, colour-coordinated table displaying examples of vulnerabilities found, their status, severity, and which page they can be found on.
Conclusion
This section simply explains the close of the security engagement and the conclusion reached by our security engineers regarding the client’s security maturity. This section will also offer recommendations for your security team as well as our analysis of the most pressing and most common security issues.
Vulnerabilities
This last section lists all vulnerabilities determined over the course of the security engagement. Each is explained in depth, along with a best practice provided by Cyrex to mitigate the vulnerabilities in the future. Each vulnerability is delivered with a CVSS code, what the vulnerability is, what it endangers, complete with a proof of concept for reproducibility, and a recommended solution supported by pseudo-code and a coding proof.
Looking for a gold-standard security audit and report for your application or network infrastructure? Reach out to us today! Discover these security reports here and see what we can do for you and your digital safety. Be sure to stay up to date with our latest news by following us on LinkedIn.