Month: August 2018

Testing and assessment methodologies

Overview: DotSec specialises in testing applications and services for its online retail, government, finance and banking, legal, investment, online gaming, education, online payments, insurance, telco and data centre clients. At DotSec, we pride ourselves on our independence, and on our ability to bring to focus the skills of experts who do not just test and […]

IRAP compliance for national service provider

We’ve compiled a case study that summarises 18 months of very challenging, rewarding and ultimately successful work, guiding the development of an IRAP-compliant information security management practice. Our client was an international service provider to governments in Australia and overseas. In order to be able to provide services to the Australian federal government, our client needed […]

Magento as the coal-miner’s canary

Overview: Regular review of web-application logs is not only a requirement for various compliance regimes (such as the PCI-DSS or various IRAP-based programs); it can also give you good insight into vulnerabilities which arise outside of the web-application itself. In this post we describe how clever analysis of blocked-request logs (in this case to Magento) […]