Meet the leader in Offensive Security
Bishop Fox is the largest private offensive security firm. Since 2005, the company has provided security consulting services to the world's leading organizations, working with Fortune 100 companies to help secure their products, applications, networks, and cloud resources with penetration testing and security assessments.
Bishop Fox takes a hands-on approach to every engagement. Their consulting services range from full assessments to zero-knowledge engagements where nothing is known but the target.
Application Penetration Testing (APT)
Bishop Fox can help determine if your application is secure. Their APT can help satisfy testing requirements for secure releases, compliance, and third-party assessments. Additionally, they have helped clients prioritize exposure points and find business and logic flaws other forms of testing can't.
Hybrid Application Assessment (HAA)
In addition to the APT, their hybrid assessments implement testing earlier in the lifecycle. Their team can verify that issues identified in the SCR are "real world" exploits. Their in-depth assessment will verify issues discovered in APT, uncover more nuanced vulnerabilities, and provide lines of code for each security issue alongside comprehensive remediation recommendations.
Building on their pre-attack analysis, Bishop Fox uses a "4+1 Core" methodology. The 4+1 Core is designed to be highly flexible so they can design an engagement that effectively explores the full target system.
Product Security Review
This service helps companies launch secure products by making sure an attacker can't take control of or affect your physical environment and by ensuring security when retrofitting older devices and hardware. When paired with the Hybrid Application Assessment, it also examines the software backend and APIs for security weaknesses.
Sophisticated social attacks remain a threat to modern companies. Bishop Fox helps their clients test their physical, email, and phone security controls. They can locate the weakest links in security and personnel, determine phishing susceptibility, and confirm how secure their help desk controls are.
Internal Penetration Testing (IPT)
Internal Penetration Testing models how an attacker from within the internal network can exploit company resources. Bishop Fox helps companies simulate specific scenarios like a malicious insider or a compromised employee.
External Penetration Testing (EPT)
Bishop Fox provides External Penetration Testing services that satisfy testing requirements for compliance, third-party requirements, customer needs, etc.
Continuous Attack Surface Testing (CAST)
Bishop Fox's CAST is a managed service that combines a next-generation attack platform with penetration tests to deliver visibility into an organization's posture. The platform maps attack surfaces in real time and uses automation to continuously find weaknesses. Their operators then use the data from the platform to perform continuous penetration tests and deliver fully validated results.
Their partner programs also stand out, featuring official partnerships with Google, Amazon Alexa, Facebook Workplace and Nest.
Bishop Fox has two programs with Google.
Security Assessment Program
The Google Partner Security Program is a collaborative effort to protect partner, customer, and Google data by increasing the security of Google partners’ applications and networks that integrate with the Google ecosystems.
Google Vendor Security Assessment (VSA)
The Vendor Security Assessment (VSA) program is a collaborative effort to protect vendors, suppliers, and partners by increasing the security and privacy of applications, networks, and systems that integrate with the Google and Alphabet ecosystems.
Bishop Fox is an authorized security lab for built-in Alexa devices. Their team helps developers meet security requirements for devices using the Amazon Voice Service (AVS).
The Workplace Partner Security Program is a collaborative effort to protect Workplace partners, their customers, and Workplace's data by increasing the security of applications integrated with Workplace ecosystems. All applications that use one or more medium- or high-sensitivity permissions are required to undergo security review.
The security assessment includes two parts: application penetration testing and security RFI.
Their Nest Partner Security Program is for companies with products and applications that integrate with the Nest ecosystem.