Aura Software Security Ltd

SECURITY	REDEYE	ARCHITECTS
About
Services
Methodology
Publications
CaseStudies
Contacts

News

Winner of Electra Awards New Thinking 2009

10 Nov 2009
We are very proud to be the winners of the Electra Business Awards 2009 - New Thinking and Innovation category! Putting "Silicon Gorge" on the map

Help Sponsor our Southern Crossing

January 2010
In loving memory of Betty Nicholson and Helen Palmer, Andy Prow and family (Diane, Josh and Autumn) are walking the Southern Crossing - 3 day hike over the top of the Tararua Range!
Please help support us in raising funds for the Neurological Foundation.
Find out how...

Day-Con III - Dayton Security Summit

15 Oct 2009
The now world-famous and highly sought after Graeme Neilson is off to present at Day-Con III in Ohio, USA, and Aura is proud to be a Gold Sponsor of this excellent IT security event.

Microsoft TechEd

14-16 Sept 2009
Microsoft's TechEd NZ was another HUGE event this year, all the more so of course because Andy Prow presented with Kirk Jackson - check out "SEC313: Hack-Ed, Teaching the Good-Guys Bad-Tricks"

Microsoft Code Camp 09

13 Sept 2009
If you're heading to TechEd this year and need to scratch up on your Secure Coding Practices then definately come along to the .Net Code Camp. Andy Prow will be presenting with Kirk Jackson of Xero on Secure Coding Practices.

BlackHat Vegas

25-30 July 2009
Aura's Graeme Neilson gave an EXCELLENT presentation at BlackHat USA 09. Graeme presented his now world famous "NetScreen of the Dead" (sorry Juniper). BlackHat is "the World's Premier Technical Security Conference", so we're very proud to have Graeme invited to speak!

CIO Summit

21-22 July 2009
The NZ CIO Summit 2009 was an excellent event! Almost twice the size of last year it was buzzing.
Thanks to Paul Blowers, Enterprise Security Architect from the NZ Police for an excellent talk. Read more...

OWASP DAY 2009

13 July 2009
Look out for the OWASP NZ Day 2009 on July 13th in Auckland.
Andy Prow is presenting with Kirk Jackson from Xero - "XSS The Gloves are Off". Andy's hacking, Kirk's defending... hopefully not too much blood spilt!

.Net User Group

29 Apr 2009
Andy Prow presented at the .Net User Group talk at Xero, Wellington. Find out more... If you couldn't be there - download the presso

IT Security Summit 09

14-15 April 2009
Mark Keegan again gave an excellent presentation at this year's Brightstar Annual IT Security Summit
Mark presented "Hacks and Demos: Securing Web Applications" - see our presentations

ISACA

Dec 2008
Andy Prow presented at the ISACA Computer Security Day on the 2nd Dec 2008 in Wellington. Andy's presentation focussed on the "SANS Defensive Wall 1 - Proactive Software Assurance". Read more...

RUXCON

Nov 2008
Great conference - Graeme Neilson presented at RUXCON in Sydney this year - 29th,30th Nov 08. Graeme presented on how to hack Juniper firewalls, rebuilding and reloading the OS, to create an untraceable "zombied" firewall - you run it, we own it, what more could you ask for? This preso was certainly one of the best of the whole conference (totally unbiased opinion of course!). Read more...

CIO Summit

July 2008
We showcased our services at the BrightStar/IDC CIO Summit on July 22nd & 23rd in Auckland, especially our new RedEye.
If you were there you'd have heard an excellent presention by Craig Walker the CTO of Xero casestudying our services with them.

QualIT Partnership

May 2008
We're excited to accounce our partnership with QualIT through which we're providing our PRODUCTION STRENGTH testing service, combining security testing and performance testing services.

IT Security Summit

April 2008
Our very own Mark Keegan presented at this year's Brightstar Annual IT Security Summit
A good 2 days session - well worth attending if you haven't before.

Graeme on IT Radio - Australia

Feb 2008
A great interview with Graeme Neilson on Ausy's IT Radio all about BlackBerry hacking and Aura's "RedBerry" security tool. IT Radio #46

Microsoft Certified Partners

January 2008
We're very proud to announce that Aura Software has just become a Microsoft Certified Partner.

Research & Development

December 2007
We are extremely happy to have been granted a TBG grant from the Foundation of Research, Science and Technology - see www.FRST.govt.nz for more info.

The fruits of this project will be seen in the next versions of our RedEye service.

Kiwicon 2k7

November 2007
Mark Keegan and Graeme Neilson both gave presentations at the inaugral Kiwicon Event - NZ's own Security Conference.

Check out www.Kiwicon.org for info on the conference, and our publications page to have a look yourself

Over the Ditch

October 2007
This Kiwi Security consulting company engaged in our first penetration test across the ditch in Australia, testing the Managed Accounts website owned and operated by Investment Administration Services Pty.

Read the full case study here

Aura Software Security - Internet Security Specialists



		Penetration Testing
		A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source
		Our core service is "penetration testing". We currently perform pen-testing for 14 New Zealand Government agencies and many corporates here in NZ, over the ditch in Australia and all the way over in the UK. We have an extremely experienced team, with certifications including C.E.H (Certified Ethical Hacker) and holding NZ Govt security clearances.



		Security Training - "Teaching the Good-Guys Bad-Tricks"
		In our experience, one of the most effective forms of defence is a holistic approach, get your developers and IT staff security aware, i.e. skill them up with hacking techniques. We run both one and two day courses.
		Day One
		Day one is typically aimed at all members of the IT team including devs, PMs, BAs, Architects, testers and IT admins and focuses on demonstrating how the hacks are put together, and what steps should be in the secure development life-cycle to protect against them. The training on this day is critical to achieve "holistic security", having the whole team thinking security implications of all projects.
		Day Two
		Day two is typically aimed at just the development team and focuses on demonstrating real hacks and attacks in detail. During this day devs will learn how to perform the common attacks, and how to code to protect against them. They will also learn how to better "think like a hacker" and therefore write more robust and secure code.
		Current Course Dates
		Wellington – on-demand Auckland / Christchurch - on-demand Corporate Venues – on-demand
		To make a booking or to request more detailed information on the course content and format just contact Andy.



		RedEye Security Scanner
		Aura's aim is make IT security afforbable to businesses of all sizes. The RedEye is of value for small business to large corporates, and can give peace-of-mind from only $200 per month.
		The RedEye is a vulnerability scanner and network security monitoring system that has been developed by Aura following R&D funding from FRST (the Foundation of Research, Science and Technology). Through the success of the product we are excited about the recent launch of Aura RedEye Security Ltd as a dedicated business entity which offers 3 flavours of RedEye:
		External Scans
		Your external IP addresses are being scanned on a daily basis - do you know all your ports and services are locked down correctly? The RedEye will scan your external IPs daily (or more) to ensure you're locked down correctly. The External RedEye requires no setup inside your organisation, takes minutes to setup and is only $200 per month for the first 5 IPs (plus a one-off $200 setup fee) - contact us to find out more
		Internal Scans
		To help protect your internal network the Corporate RedEye will scan your external IPs daily (or more) to ensure you're locked down correctly. The Corporate (Internal) RedEye Server is installed inside your corporate LAN and scans all available networks, from servers to desktops. The RedEye will alert of changes to any machine's network profile, or can scan against a pre-defined "baseline". We can setup many baselines, such as "standard web-server", "mail-server", "standard desktop" etc... When baselining is enabled we can also run the RedEye with a "Server Nursey" service, where the RedEye pre-scans machines before they're released to the production network to ensure they're secured appropriately. Contact us for pricing
		Internal IDS
		As a top-level of security the RedEye can work in IDS mode (Intrusion Detection System). This mode monitors all network traffic and will high-light any malicious traffic. When combined with the internal vulnerability scans and baseline scans the RedEye will alert on traffic that does not match the known or wanted machine profiles. Contact us for pricing
		Expert Analysis
		There are several vulnerability scanners on the market - the key difference with the RedEye is that all results are analysed by our expert staff so we can advise on the best action to take.