DotSec - dot com security

DotSec is a professional information-security organisation that delivers solutions which, first and foremost, address our customers' business requirements. All DotSec professionals are experienced in the design, implementation and assessment of secure information-systems, and in the provision of policies, procedures and training to keep those systems secure.

In particular, DotSec professionals have a strong track-record in the areas of:
  • Strong, multi-factor authentication systems, including OTP (One-Time Password), token and smart-card based systems. DotSec specialises in the design and deployment of Single Sign-On (SSO) services. DotSec has recently deployed a secure, two-factor authentication service for a financial-investment company, allowing remote workers to access VPN and web-mail and calendars, without compromising domain passwords.
  • Secure web applications and services, including the design and integration of authentication providers for J2EE systems, and secure messaging and Web-SSO implementations. A recent project has seen DotSec complete the deployment of a SAML-based authentication service, providing Web-SSO for a number of web applications.
  • Enterprise Identity and Access Management services and integration, including requirements analysis, and integration with strong authentication and directory services.
  • The development and review of information-management security policies, and of standard operating procedures and security plans which are based on those policies.
  • Threat and Risk Assessment (TRA), security-services design reviews, and Penetration Testing (Pen Tests). DotSec brings unique TRA skills, since DotSec professionals have experience in the design and implementation of secure applications and services, not just in assessment and review. A recent TRA project allowed DotSec to demonstrate how an attacker could collect the usernames and passwords of all the users of a leading case-management application, by exploiting vulnerabilities in the application itself.
  • The provision of training courses to a wide variety of audiences. Our courses range from half-day information-security primers, to three-day secure-application development courses, and have been delivered in-house, as well as by third-party training organisations.
DotSec professionals work with you, the customer, to provide assessment, policy, training, implementation and monitoring solutions that satisfy your business requirements.

News byte!

The annual AusCERT security conference is on again, and we will be delivering a presentation and debunking a few myths.

Accreditation!


Signatory (GITC# Q-2554) to the Qld State Government's GITC information technology supplier agreement.


Included in the Attorney-General's Department Critical Network Vulnerability Assessment (CNVA) program.


Endorsed supplier number 5461. See the ESA web page.