News

DotSec joins the Amazon Partner Network

Overview We’re excited to announce that DotSec is now a member of the Amazon Partner Network (APN), a global partnering program for Amazon Web Services (AWS). DotSec has been designing, deploying and managing secure computing environments on AWS for over 4 years now; joining the APN allows us to further help our clients to securely manage …

Testing and assessment methodologies

Overview DotSec specialises in testing applications and services for its online retail, government, finance and banking, legal, investment, online gaming, education, online payments, insurance, telco and data centre clients. At DotSec, we pride ourselves on our independence, and on our ability to bring to focus the skills of experts who do not just test and …

IRAP compliance for national service provider

We’ve compiled a case study that summarises 18 months of very challenging, rewarding and ultimately successful work, guiding the development of an IRAP-compliant information security management practice.  Our client was an international service-provider to governments in Australia and overseas. In order to be able to provide services to the Australian federal government, our client needed …

Magento as the coal-miner’s canary

Overview Regular review of web-application logs is not only a requirement for various compliance regimes (such as the PCI-DSS or various IRAP-based programs), it can actually give you good insight into vulnerabilities which arise outside of the web-application itself. In this post we describe how clever analysis of blocked-request logs (in this case to Magento) …

IRAP – Information Security Registered Assessors

Overview The Information-security Registered Assessors Program (IRAP) provides a framework that allows qualified and certified assessors to provide assessment services, particularly with reference to the Australian federal government’s Information Security Manual (ISM) and Protective Security Policy Framework (PSPF). The IRAP program is an initiative of the Australian Signals Directorate (ASD). An increasingly wide range of …