Testing and assessment


DotSec is a Payment Card Industry (PCI) Qualified Security Assessor (QSA) company. This means that DotSec is qualified to assess entities (including on-line merchants, payment processors and service providers) for compliance with the PCI Data Security Standard (DSS).


DotSec conducts penetration testing, assessments and security audits. Our work is based (as appropriate) on standards including AS/NZS ISO 31000:2009, AS ISO/IEC 27001:2015, the Australian Government’s Information Security Manual (ISM), and the Queensland Government’s IS18.


DotSec works with organisations seeking to achieve IRAP certification. DotSec can complete an assessment report that describes areas of compliance and non-compliance, suggests relevant remediation actions and makes certification recommendations.

Don’t wait until it’s too late!

Major compliance frameworks and guidelines (such as the PCI DSS, ISO 27001, and the ISM) recommend or demand that testing be done on a regular basis, and/or after a major system change. New systems should be tested early in order to reduce the risks and costs associated with late-stage system redevelopment.

Two decades of experience: that’s the key to your success!

DotSec has provided infosec services (including testing and assessment) since 1999! That’s over 18 years of threat and risk assessment experience, and in that time we have provided risk assessment, management and mitigation services for online retail, government, finance and banking, legal, investment, online-gaming, education, on-line payments and telco clients.

DotSec assessors are unique because they don’t just “hack” systems; our infosec professionals have developed, integrated and maintained secure information systems for decades! Our understanding of what it takes to develop and maintain secure systems results in recommendations that are realistic, practical, and based on 20 years of solid commercial experience.

We have a number of blog posts that describe our testing and assessment methodologies and we’re always available to discuss your requirements and provide a fixed-price quote.

Get in contact and let us know how we can best help you meet your testing and assessment needs.

Specialised and experienced!

DotSec assessors have specialised skills, not just in testing and assessment (“hacking”) but also in secure-systems design, development, deployment and maintenance.  Our understanding of what it takes to develop and maintain secure systems allows our assessors to deliver unique and valuable results.


Our reports don’t just list problems. Because we also build secure systems, our reports include detailed descriptions of how the level of risk associated with each shortcoming may be reduced to an acceptable level.


When it comes to assessment and testing, DotSec works with you to understand your business processes, identify your assets, and assess and then manage your risks. You can be certain of receiving a complete and concise report that will provide you with clear and realistic risk-mitigation strategies and actions.


DotSec can provide a range of testing and assessment services including PCI DSS and IRAP security audits, organisational reviews, blind and informed penetration tests (pen tests), code reviews and design reviews.