SECURITY TESTING

PENETRATION TESTING

See your assets and vulnerabilities from the perspective of a skilled attacker

PCI DSS ASSESSMENTS

Friendly QSAs with practical implementation and risk management experience

PHISHING & SOCIAL ENGINEERING

Understand the effectiveness of your organisation's security-awareness training

ORGANISATIONAL ASSESSMENTS

Holistic organisational security assessments, audits and security reviews

CLOUD SECURITY REVIEWS

Security assessments of cloud computing environments in AWS and Azure


PENETRATION TESTS

A penetration test (pen test) is an exercise, conducted by a careful, skilled assessor, that seeks to discover, exploit and report on vulnerabilities in the target asset(s). Pen testing includes both automated and manual tools and techniques that allow the assessor to simulate an attack on asset(s) as defined within the scope of the assessment.

Standards such as the PCI DSS note that penetration tests must be conducted at least annually and after any significant infrastructure or application upgrade or modification. DotSec builds and hosts secure systems for government and commercial clients, both in-house and in the cloud, and our testing recommendations reflect that practical implementation experience.

PCI DSS ASSESSMENTS

DotSec is a Payment Card Industry (PCI) Qualified Security Assessor (QSA) company. This means that DotSec is qualified to assess entities (including on-line merchants, payment processors and service providers) for compliance with the PCI Data Security Standard (DSS).

We have built systems that are compliant with the PCI DSS and we can assist with the preparation of all your PCI DSS compliance and reporting requirements, from gap analysis and remediation work, through Self Assessment Questionnaires (SAQs), to Attestations of Compliance (AOCs) and Reports on Compliance (ROCs). DotSec’s QSAs have many years of implementation experience, and so provide practical and reasonable advice.

ORGANISATIONAL REVIEWS

DotSec can conduct organisational reviews that are undertaken with reference to the control objectives listed in Annex A of the ISO/IEC 27001:2015 standard.

An organisational review provides a range of benefits to the client and, in particular, gives the organisation an overview of its current level of information security maturity.

The level of maturity will refer to one of five maturity stages, and will be measured qualitatively for each of the 14 clauses (which can be thought of as security domains) listed in Annex A of ISO/IEC 27001:2015. All reviews include practical recommendations as to how the organisation’s level of maturity can be improved.

CLOUD REVIEWS FOR AWS & AZURE

Responsibility for the security and compliance of any cloud environment (both infrastructure and controls) is shared between the cloud service provider and the customer.

In general, the cloud service provider is responsible for the infrastructure and the customer is responsible for the services and applications that run on that infrastructure, but the lines can become blurred on occasion.

DotSec conducts security assessments of cloud computing environments including AWS and Azure. These can be delivered as once-off reviews or as continuous assessment as part of our fully managed SIEM/SOAR service; the choice is yours.

PHISHING & SOCIAL ENGINEERING TESTS

Criminal groups (as well as others) use phishing as a means to infiltrate organisations, undertake ransomware attacks, gather credentials for subsequent impersonation attacks, or simply to destroy target assets.

DotSec conducts phishing (and more generally, social engineering) tests in order to demonstrate to your users how phishing attacks work, and how to reduce the associated risks.

Phishing tests are most effective when combined with security awareness training, providing both testing and improvement metrics. Ask about our packaged testing and education services to understand more.

Two decades of experience: That's your key to success

DotSec assessors have specialised skills, not just in testing and assessment (“hacking”) but also in secure-systems design, development, deployment and maintenance. Our understanding of what it takes to develop and maintain secure systems allows our assessors to deliver unique and valuable results.

OPPORTUNITIES, NOT PROBLEMS

An assessment report that focusses only on shortcomings and vulnerabilities is pointless! DotSec has 20 years of experience in building secure systems, so our assessment reports include detailed descriptions of how vulnerabilities and shortcomings may be addressed, in a practical and reasonable manner.

INDEPENDENT & EXPERIENCED

When it comes to assessment and testing, DotSec works with you to understand your business processes, identify your assets, and assess and then manage your risks. You can be certain of receiving a complete and concise report that will provide you with clear and realistic risk-mitigation strategies and actions.

ASSESSMENTS BASED ON YOUR NEEDS

DotSec can provide a range of testing and assessment services including PCI DSS and IRAP security audits, cloud (Azure and AWS) security reviews, CPS 234 audits, organisational reviews, blind and informed penetration tests (pen tests), social engineering (including phishing) tests, code reviews and design reviews.

Don't wait until it's too late!

Major compliance frameworks and guidelines (such as the PCI DSS, ISO 27001, CPS 234, and the ISM) recommend or demand that testing is done on a regular basis, and/or after a major system change. New systems should be tested early in order to reduce the risks and costs associated with late-stage system redevelopment.