Don't settle for once a year penetration testing

Periodic penetration testing is a valuable service that we also offer, but it is a "snapshot in time", providing you with an evaluation of your security posture for a given time period.

but...

we all know that information technology is extremely dynamic in nature.

All it takes is for your IT staff to make one change, or for new hosts, apps, and services to become exposed, and your security posture can change. You can go from being secure to being vulnerable very quickly.

Additionally, hundreds of thousands of brand new vulnerabilities are published each year, so relying on once a year penetration testing is simply not enough.

Shorebreak Security's continuous penetration testing service, Lifeguard™, provides an up-to-date assessment of Information Technology risk by conducting daily penetration testing on new and existing IT assets, analyzing the very latest published vulnerabilities and using cutting edge tools and techniques to determine your security posture.

We offer a free 45-day trial of Lifeguard™, our continuous penetration testing service, to qualified clients.

Our Services

Penetration Testing Services

Lifeguard™ Free Trial

Our 45-day free trial of Lifeguard™, our continuous pen testing service, is available to qualified clients so you can try our services before signing up.

Onboarding is easy - give us a list of your external assets, sign a Rules of Engagement (ROE) document authorizing us to conduct penetration testing, and off we go.

It's then up to us to prove our value by identifying and exploiting vulnerabilities.

Lifeguard™ Service

Lifeguard™ service begins with us mapping and continuously monitoring your external attack surface by conducting continuous host discovery and port scans.

Once we have an accurate view of your attack surface, we conduct daily vulnerability scans to detect the latest known vulnerabilities.

Next, we conduct daily manual penetration testing on new and existing hosts and apps.


Penetration Testing

We specialize in conducting thorough penetration testing without impacting operations. We conduct:
- External Network penetration testing
- Web, mobile app, and API penetration testing
- Internal penetration testing
- Social engineering penetration testing, including spear phishing, vishing, etc.

Vulnerability Assessments

Our vulnerability assessments are designed to give you a validated list of vulnerabilities on your systems and applications.

Each vulnerability is manually tested to ensure we eliminate false-positives, giving you an actionable list of vulnerabilities to remediate.

More than just an automated scan.

Why Choose Us?

We are Experts

We believe in the adage – do one thing, and do it well.

The only service we offer is penetration testing, because that’s what we specialize in.

Customers Trust Us

Our prestigious clients trust us to conduct penetration testing on their mission critical networks because they know we won’t impact their business operations.

Beyond Automation

We don’t rely on automated scanners to do our job. Yes, we use them, but the vast majority of our pen test findings are missed by automated tools – they are identified through manual penetration testing.

We're Agile

We’re not some mega corp that’s slow to move and requires a 3-month lead time to get a pen test started. We are small, but agile, and we value each and every customer, so we will do what it takes to ensure success.

About Shorebreak Security

Founded in March of 2010 by Information Security veteran Mark Wolfgang, Shorebreak Security prides itself on providing high quality, thorough penetration testing services to its clients without impacting operations. 

In 2014 we developed the industry-first continuous penetration service, Lifeguard™, because no one else in the industry had evolved beyond once a year penetration testing, and well, that’s just not good enough.

Our team is comprised of highly qualified and skilled ethical hackers with decades of experience breaking into a wide range of systems, networks, and apps. Oh, we’re very good at hacking humans, as well.

We are a Service-Disabled Veteran-Owned Small Business (SDVOSB) with many former military vets on staff.

We ensure our customers’ needs are met by clearly setting expectations up front and making sure we exceed all expectations.

Client Testimonials

“Annual pen tests are like running virus scanners and endpoint protection once a year - simply not enough. Lifeguard's 24/7/365 pen testing has been invaluable in numerous ways. Shadow IT is exposed on a daily basis”

Kevin Kerr, CISO, Oak Ridge National Laboratory

“Lifeguard fundamentally changed how I approach security testing. Address real world practical risks by doing it continuously as part of your operations, instead of once in a while. Shorebreak has been a great partner in building, operating and scaling a critical capability.”

Mike Mucha, CISO, Stanford Health Care

"Mark and his team at Shorebreak Security helped with security and penetration testing of the 2022 Special Olympics USA Games app - a first-ever fan engagement platform used at a major Special Olympics event. When I was introduced to Mark, I knew right away Shorebreak was the right firm to help with this project."

Lonnie Snyder, CTO, 2022 Special Olympics USA

Try us for free

We offer a free 45-day trial of our continuous penetration testing service, Lifeguard™, to qualified customers.

Lifeguard™ FAQ

Most frequent questions and answers

The first step in getting started is to set up a quick meeting with us to ensure we’re a good fit for each other. We want to hear your goals and objectives, and make sure we can meet or exceed them before we commit to providing services.

You will meet with our CEO, Mark Wolfgang, who will walk you through Lifeguard Service and also explain our periodic pen test offerings.

You may decide to hire us first to do a one-time external penetration test, which establishes the attack surface baseline. Upon conclusion of the baseline pen test, we will move into a free, 45-day trial of Lifeguard service.

Or, you may decide to begin with a free 45-day trial right off the bat.

First, we make sure we’re a good fit for each other. Next, you will tell us all your network blocks and IP addresses. From there, we’ll put together a Rules of Engagement (ROE) document that includes points of contact, defines the test scope and schedule, defines which IPs and network blocks are to be included, lists the pen test tools we use, and also provides our test methodology.

Next, we finalize the ROE and execute it as a contract, which serves as our written authority to test your systems.

We invite relevant users from your organization to the platform to view results.

Then we begin scanning to determine your external attack surface. The result of this is a list of hosts and ports, and web apps.

After we know the size of your attack surface, we’ll be able to provide pricing to you.

Next, we select up to 25 assets that we will include in the trial – these are the ones that will be pen tested.

Then we’ll move into the vulnerability and manual pen testing phase, which will last 45 days.

In this time period, you sit back and watch us test your environment. We’ll be in close communication with your team to ensure scanning is not impacting operations.

After the 45-day trial period, you choose go/no-go.

This all depends on the size of your organization and how many players are involved in getting approval.

But the process can get started fairly quickly after the ROE is signed. 

Plan on no more than 5 hours in total:
- 1 hour of intro and scoping meetings
- 2 hours to work on the ROE
- 1 hour to work with us to select target assets for the trial
- 1 hour to identify users you want invited to the platform

It is both. The Lifeguard service is our continuous penetration testing service.

The Lifeguard platform is the web frontend where we display the results of our pen testing work, exchange files, and communicate with IT and security staff in your organization.

There are automated components of Lifeguard Service, but our value is in conducting manual penetration testing.

We have an internal budget of hours for manual pen testing of each customer depending on the size of the organization. For larger organizations, it could be 15-20 hours of manual pen testing per week. For smaller organizations, it could be 5-10 hours per week.

Pricing is determined purely by the size and scope of your external attack surface. 

Some of our larger customers have hundreds of Internet-accessible assets to test, and a very dynamic attack surface. Others have a fairly static attack surface with a small number of hosts.

We’re small enough to be flexible to meet your needs, but Lifeguard service is always prepaid – either in quarterly or yearly increments.

Yes, we are happy to provide discounts for longer terms. Typical contracts start with a one year term so you can try us out. Then, if it makes sense to continue, we can discuss longer term contracts with discounts.

Yes! This is one of the features of Lifeguard. You will always be able to answer the question, “What is our attack surface?”, when asked.
