KoreLogic

Speciality: Full-Stack Penetration Testing

Annapolis, United States 19 employees
[01] About

KoreLogic is a private cybersecurity company specializing in penetration testing and security consulting. Founded in 2004 and headquartered in Annapolis, Maryland, USA, it has 10 employees (+5.6% YoY growth) and $20.3M in annual revenue. The company provides comprehensive testing services including mobile, cloud, web, social engineering, red teaming, and product security, serving Fortune 100 clients and the U.S. government.

In 2004, we founded KoreLogic to build an IT security company that was respected for the quality of its work and the caliber of our staff. We have stayed true to that. We are grateful to our customers for trusting us to deliver critically important services to them. Over their careers, KoreLogic staff have served over forty Fortune 500 clients and hundreds of commercial, nonprofit and government clients. We use our offensive testing experience to assess risk, to design and build solutions that help our clients defend their critical assets.

We have won multi-year, multi-million security research projects from DARPA. At DEF CON, we organize the annual Crack Me If You Can password cracking contest. We have presented at the DEF CON, Black Hat, ShmooCon, Techno-Security, OWASP, and DerbyCon Conferences.

The KoreLogic Team actively pursues the identification of vulnerabilities. Our Vulnerability Disclosure Program was created to responsibly distribute vulnerability information to the public in a controlled manner and follow common industry practices associated with disclosing newly identified vulnerabilities, which are not protected by KoreLogic client confidentiality/non-disclosure agreements. The advisories can be seen here: https://korelogic.com/advisories.html

KoreLogic Security publishes several open-source projects, available at https://git.korelogic.com/ or our GitHub page, https://github.com/KoreLogicSecurity

We are ISO 27001:2022 certified.
[02] Services
KoreLogic provides comprehensive cybersecurity services, including:
Expert penetration testing
Offensive and defensive security consulting
Security research and development
Password recovery and cracking
Custom security solutions for diverse platforms and technologies
Serving Fortune 100 companies and the U.S. government.
[03] Certifications
ISO 27001:2022

ISO 27001:2022: Origin and Industry Value


Origin


ISO 27001 was developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), first published in 2005 as ISO/IEC 27001. The standard evolved from the British Standard BS 7799-2, which was created in the late 1990s. The 2022 version represents the latest revision, updated to address modern cybersecurity challenges including cloud computing, remote work, and emerging technologies. It was created to provide organizations with a systematic framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).


Industry Importance


ISO 27001:2022 is highly valued because it provides internationally recognized proof that an organization takes information security seriously and has implemented comprehensive controls to protect sensitive data. The certification demonstrates to clients, partners, and stakeholders that a company follows best practices for managing cybersecurity risks, often becoming a prerequisite for doing business with government agencies and large corporations. Organizations benefit from reduced security incidents, improved customer trust, competitive advantage in procurement processes, and potential compliance with various legal and regulatory requirements. The standard's risk-based approach ensures that security measures are proportionate and aligned with actual business threats.

CREST

CREST Cybersecurity Certification


Origin


CREST (Council of Registered Ethical Security Testers) was established in 2006 in the United Kingdom by a group of cybersecurity professionals and industry representatives. It was created to address the growing need for standardized, recognized qualifications in penetration testing and cybersecurity services. The organization emerged from concerns about the quality and professionalism of security testing services, aiming to provide a framework that would certify both individual practitioners and the companies that employ them.


Industry Value


CREST certifications are highly valued in the cybersecurity industry because they demonstrate a practitioner's technical competence and adherence to professional ethical standards. Many government agencies, financial institutions, and large corporations specifically require CREST-certified professionals when procuring penetration testing or security assessment services. The certification provides assurance to employers and clients that certified individuals have been independently verified to possess the necessary skills and knowledge, and that they follow established codes of conduct. This makes CREST credentials particularly important for cybersecurity professionals working in regulated industries or seeking to work with organizations that have stringent security requirements.