X-Force Red penetration testing services
Penetration testing for your applications, networks, hardware and personnel to uncover and fix vulnerabilities that expose your most important assets to attacks
Watch the demo videos
Aerial view circle roads and traffic at night

If you try to test everything, you’ll waste your time, budget and resources. By using a communication and collaboration platform with historical data, you can centralize, manage and prioritize high-risk networks, applications, devices and other assets to optimize your security testing program. The X-Force® Red Portal enables everyone involved in remediation to view test findings immediately after vulnerabilities are uncovered and schedule security tests at their convenience.

Protect critical assets using an attacker’s mindset
Talk to an X-Force Red hacker

Capabilities Application testing

Test your mobile, web, IoT and backend applications. X-Force Red can provide manual penetration testing, secure code review, binary analysis and vulnerability assessments of any platforms.

Watch the video
Network testing

Prevent opportunistic attacks with X-Force Red manual network penetration testing. Our hackers identify vulnerabilities that may lead to opportunistic attacks and testing uncovers vulnerabilities that scanners cannot, such as logic flaws, back doors and misconfigurations.

Explore network security services
Hardware testing

Test engineering and security from a hacker’s point of view. X-Force Red can reverse-engineer your devices to find vulnerabilities during development, assess source code and data in and out of systems, and identify vulnerabilities in product implementation and external libraries.

Explore hardware testing
Social engineering

Humans can be the weakest link in your security. Determining the risks of human behavior is a key aspect of social engineering. X-Force Red engagements can include ruses attackers may use to trick your employees into divulging sensitive information.

Explore social engineering
Specialty service: IoT device testing

Many IoT devices and backend systems are not designed with security in mind. We identify and fix critical vulnerabilities, building security into your solutions— while reducing risk of future liability—by providing device, backend and mobile application testing, integration testing and reverse engineering of your IoT medical, industrial and operational devices.

Watch the video (01:19)
Specialty service: Cloud testing

We provide cloud configuration and infrastructure review to find critical misconfigurations that can lead to privilege escalation or unauthorized access to sensitive data. X-Force Red hackers can uncover potential attack paths and insecure DevOps practices such as sharing secrets (privileged credentials, API/SSH keys and more). They also find and fix exploitable flaws inside containers and the connected environment.

Download the cloud testing brief Download the container testing brief
Specialty service: Blockchain testing

X-Force Red can test your entire blockchain environment or only the technical elements such as chain code, remote nodes and block producers, certificate authority and integration with off-chain code. X-Force Red hackers work side-by-side with blockchain developers and architects to create secure policies, procedures and controls to address typical security vulnerabilities within blockchain networks.

Read the blog post
X-force Red Labs
Test your devices before and after they go to market.  Expert penetration testers in our global labs can tear down, reverse engineer, modify, compromise, exploit and test every aspect of your hardware to help remediate vulnerabilities throughout the development lifecycle. Learn more about X-Force Red Labs Meet the X-Force Red team
Models for flexibility Three programs to meet your needs
Group 13
Ad-hoc testing

Smaller project with explicit scope, using X-Force Red hackers, and you own the testing program.

Group 5
Subscription program

Fixed monthly costs. No charges for overtime or test changes. Unused funds carry over.

Group 17
Managed service

Predictable monthly budgets. We handle scope, schedules, testing and reporting.

Industry use cases for penetration testing

Automotive industry X-Force Red hackers manually test the entire vehicle system, including hardware, supplier components, integration, connected services, autonomous sensor controls and fusion subsystems. They work side-by-side with your engineers to uncover vulnerabilities that impact the safety of vehicles and reliability of the connected network. Watch the video

ATM security X-Force Red tests all components of an ATM’s software and hardware, including applications, connected networks, casings, locks, tamper systems and more. X-Force Red then works with you on a remediation plan so your customers' sensitive financial data can remain protected. You can also find out if your ATM and connected infrastructure are compliant with industry mandates such as the PCI DSS. Watch the video

Industrial control systems In industrial control systems (ICS), multiple systems and technologies from different entities integrate to monitor and control critical processes. X-Force Red can manage the entire remediation process, helping you understand which vulnerabilities matter most and, in cases where patching is too risky, recommend countermeasures to reduce risk. We can also help you minimize disruptions with active and passive, manual and tool-based testing. Read the blog post

Client story

Watch the customer story (1:38)
X-Force Red investigated how cyber criminals exploit package deliveries to hack into corporate or personal home networks right from the front door.
X-Force Threat Intelligence Index
Understand your cyberattack risks with a global view of the threat landscape.
See how the X-Force Red Portal can help you manage your penetration testing program and find reports and recommendations quickly and easily.
Ad hoc or managed penetration testing
Learn more about which is best for you: testing on an as-needed basis or continuous testing by an outside team.
Cybersecurity training
Boost your cybersecurity skills by enrolling in IBM's instruction for penetration testing, incident response, digital forensics and scripting.
For Attackers, Home is Where the Hideout Is
The best defense against a cyber attack is a bit like playing the hide-and-seek game, but you have to think like an attacker.
Subscribe to our monthly newsletters

Receive our newsletters that deliver thoughtful insights on emerging trends.

Subscribe now Know more Contact our team

Connect with our diverse group of IBM experts that can help you make your next big move.

Explore career opportunities

Join our team of dedicated, innovative people who are bringing positive change to work and the world.

Register now