Our 45 day free trial of our continuous pen testing service, Lifeguard™ is available to qualified clients for you to try our services before signing up.
Onboarding is easy - give us a list of your external assets, sign a Rules of Engagement (ROE) document authorizing us to conduct penetration testing, and off we go.
It's then up to us to prove our value by identifying and exploiting vulnerabilities.
Lifeguard™ service begins with us mapping and continuously monitoring your external attack surface by conducting continuous host discovery and port scans.
Once we have an accurate view of your attack surface, we conduct daily vulnerability scans to detect the latest known vulnerabilities.
Next, we conduct daily manual penetration testing on new and existing hosts and apps.
We specialize in conducting thorough penetration testing without impacting operations. We conduct:
- External Network penetration testing
- Web, mobile app, and API penetration testing
- Internal penetration testing
- Social engineering penetration testing, to include spear phishing, vishing etc.
Our vulnerability assessments are designed to give you a validated list of vulnerabilities on your systems and applications.
Each vulnerability is manually tested to ensure we eliminate false-positives, giving you an actionable list of vulnerabilities to remediate.
More than just an automated scan.
We believe in the adage – do one thing, and do it well.
The only service we offer is penetration testing, because that’s what we specialize in.
Our prestigious clients trust us to conduct penetration testing on their mission critical networks because they know we won’t impact their business operations.
We don’t rely on automated scanners to do our job. Yes, we use them, but the vast majority of our pen test findings are missed by automated tools – they are identified through manual penetration testing.
We’re not some mega corp that’s slow to move and requires a 3 months lead time to get a pen test started. We are small, but agile, and we value each and every customer, so will do what it takes to ensure success.
Founded in March of 2010 by Information Security veteran Mark Wolfgang, Shorebreak Security prides itself on providing high quality, thorough penetration testing services to its clients without impacting operations.
In 2014 we developed the industry-first continuous penetration service, Lifeguard™, because no one else in the industry had evolved beyond once a year penetration testing, and well, that’s just not good enough.
Our team is comprised of highly qualified and skilled ethical hackers with decades of experience breaking into a wide range of systems, networks, and apps. Oh, we’re very good at hacking humans, as well.
We are a Service-Disabled Veteran-Owned Small Business (SDVOSB) with many former military vets on staff.
We ensure our customer’s needs are met, by clearly setting expectations up front, and making sure we exceed all expectations.
We offer a free 45 day trial of our
continuous penetration testing service,
Lifeguard™, for free to qualified
The fist step in getting started is to set up a quick meeting with us to ensure we’re a good fit for each other. We want to hear your goals and objectives, and make sure we can meet or exceed them before we commit to providing services.
You will meet with our CEO, Mark Wolfgang, who will walk you through Lifeguard Service and also explain our periodic pen test offerings.
You may decide to hire us to first to do a one time external penetration test, which establishes the attack surface baseline. Upon conclusion of the baseline pen test, we will move into a free, 45 day trial of Lifeguard service.
Or, you may decide to begin with a free 45 day trial right off the bat.
First, we make sure we’re a good fit for each other. Next, you will tell us all your network blocks and IP addresses. From there, we’ll put together a Rules of Engagement (ROE) document that includes points of contact, defines the test scope and schedule, defines which IPs and network blocks are to be included, lists the pen test tools we use and also provides out test methodology.
Next, we finalized the ROE and execute it as a contract, which serves as our written authority to test your systems.
We invite relevant users from your organization to the platform to view results.
Then we begin scanning to determine your external attack surface. The result of this is a list of hosts and ports, and web apps.
After we know the size of your attack surface, we’ll be able to provide pricing to you.
Next, we select up to 25 assets that we will include in the trial – these are the ones that will be pen tested.
Then we’ll move into the vulnerability and manual pen testing phase, which will last 45 days.
In this time period, you sit back and watch us test your environment. We’ll be in close communication with your team to ensure scanning is not impacting operations.
After the 45 day trial period, you choose go/no-go.
This all depends on the size of your organization and how many players are involved in getting approval.
But the process can get started fairly quickly after the ROE is signed.
Plan on no more than 5 hours in total.
1 hour of intro and scoping meetings
2 hours to work on the ROE
1 hour to work with us to select target assets for the trial
1 hour to identify users you want invited to the platform.
It is both. The Lifeguard service is our continuous penetration testing service.
The Lifeguard platform is the web frontend where we display the results of our pen testing work, exchange files, and communicate with IT and security staff in your organization.
There are automated components of Lifeguard Service, but our value is in conducting manual penetration testing.
We have an internal budget of hours for manual pen testing of each customer depending on the size of the organization. For larger organizations, it could be 15-20 hours of manual pen testing per week. For smaller organizations, it could be 5-10 hours per week.
Pricing is determined purely by the size and scope of your external attack surface.
Some of our larger customers have hundreds of Internet-accessible assets to test, and a very dynamic attack surface. Others have a fairly static attack surface with a small number of hosts.
We’re small enough to be flexible to meet your needs, but Lifeguard service is always prepaid – either in quarterly or yearly increments.
Yes, we are happy to provide discounts for longer terms. Typical contracts start with a one year term so you can try us out. Then if it makes sense to continue, then we can discuss longer term contracts with discounts.
Yes! This is one of the features of Lifeguard. You will always be able to answer the question, “What is our attack surface?”, when asked.