What we do
We are a security company specialising in penetration testing, otherwise known as technical IT security audits or, colloquially, white-hat hacking.
• Application; and
During an Application penetration test we use the OWASP application testing methodology to manually test each of the fields in your application to ensure no vulnerabilities are present which can be exploited to gain unauthorised access. If requested, we use commercial tools such as Nessus and Burp Suite; however, this increases the cost of the test and, we believe, does not add value to the client, as Nessus results can be replicated using OpenVAS. If a vulnerability is found, we write custom scripts to extract or inject data and work with you to fix the issue.
A Hardware/Network penetration test is done by mapping the internet-facing network infrastructure and identifying the open ports, the firewalls and rules implemented between networks, and the OS versions running on any external devices. A relevant vulnerability scan is then conducted, and if weaknesses are found these are either communicated or exploited, depending on client requirements.
Our testing methodologies are based on OWASP guides and more than a decade of IT and security experience. Our clients come from the banking, financial, publishing, education and gaming industries. We also have existing strong relationships with two leading providers of PCI audits in Australia.
We advocate free and open-source software and are not affiliated with any software or hardware vendors. We can help companies implement open-source solutions that meet their business needs in a cost-efficient and transparent way.
Recognising that many businesses prefer a commercial solution, we also have knowledge and experience with commercial security and network products from vendors such as Cisco, Check Point (Nokia security appliance), Juniper, VMware and FortiGate.