Penetration Testing
PCI Compliance Testing
What we do

We are a security company specialising in penetration testing – otherwise known as technical IT security audits; or colloquially – white-hat hacking.

Penetration testing is our core capability, but we also provide PCI compliance testing. We are fully conversant with the technical security requirements of PCI, and we are up to date with version 2.0 of the PCI standard as well as the Point-to-Point Encryption standard released in September 2011.

There are two types of penetration test we provide to our clients:
• Application; and
• Hardware/Network.

During an Application penetration test we use the OWASP application testing methodology to manually test each field in your application, to ensure no vulnerabilities are present that could be exploited to gain unauthorised access. If requested we use commercial tools such as Nessus and Burp Suite; however, this increases the cost of the test and we believe it does not add value for the client, as Nessus results can be replicated using OpenVAS. If a vulnerability is found we write custom scripts to extract or inject data, and work with you to fix the issue.

A Hardware/Network penetration test is done by mapping the internet-facing network infrastructure: identifying the open ports, the firewalls and rules implemented between networks, and the OS versions running on any external devices. A relevant vulnerability scan is then conducted, and if weaknesses are found these are either reported or exploited, depending on client requirements.

Our testing methodologies are based on OWASP guides and more than a decade of IT and security experience. Our clients come from the banking, financial, publishing, education and gaming industries. We also have strong existing relationships with two leading providers of PCI audits in Australia.

We advocate free and open-source software and are not affiliated with any software or hardware vendors. We can help companies implement open-source solutions that meet their business needs in a cost-efficient and transparent way.

Recognising that many businesses prefer a commercial solution, we also have knowledge and experience with commercial security and network products from vendors such as Cisco, Check Point (Nokia security appliance), Juniper, VMware and FortiGate.