Aura Software Security Ltd

Internet Security Specialists

Aura Software Security Ltd is a specialist software security company, focusing primarily on custom web application security and penetration testing services.

“Sooner or later, every business will have its computer systems tested by a hacker.”
Jesper Johannson, Seattle-based senior Microsoft Security Strategist – 20th March 2006

Small experienced team

Our team consists of highly experienced software experts and penetration testers; we pride ourselves on excellence. We hold some of the top security qualifications in the industry and have tested many large scale applications both locally and internationally.

GCSB Endorsed Process

We have had our processes endorsed by the NZ Government Communications Security Bureau (GCSB) and they have sponsored each of our team to a classification level of ‘Confidential’.

Tools and Expertise

Using a combination of scanning tools and expert manual exploration techniques, our services will give you the highest levels of confidence that security issues have been considered, and vulnerabilities have been identified, removed or mitigated prior to a malicious hack.

End-to-End Process

We recommend combining our Aura Security Development Lifecycle (ASDL) into the software development lifecycle (SDLC). This process combines ‘Threat Modelling’, ‘Incident Scenarios’, ‘Internal reviews’, and ongoing ‘Penetration Testing’ so that any system can move to production release, knowing how it will perform under an attack, and how the teams and organization will cope.

Real-Results

From the initial security requirements phase and threat modeling through to the final penetration testing of a live system we utilize real-world personas, i.e. attack and test systems and processes in ways that they likely to be attacked – for instance as a “web-hacker”, “rogue customer” or “malicious employee”. These “real” tests are invaluable as often systems that are “secure” on paper, or built on “secure” platforms are still vulnerable due to errors in their build, implementation and support.

Easy to Understand

Our deliverables detail the vulnerabilities in easy to understand language with examples of how a vulnerability can be exploited. Vulnerabilities are categorised with a Threat Level and a recommended approach to mitigating the risk using industry level best practices.

In the news

WDCNZ Web Security Workshop

06 April 2011

Aura Software Security will be running a half-day web security workshop on Friday 15 July for those wanting expert training the day after WDCNZ. Click here for more.

Deloitte Asia Pacific Technology Fast 500!

04 Dec 2010

Congratulations to Aura on getting into the Deloitte Asia Pacific Technology Fast 500! A huge 284th position. Excellent - this gives us 283 companies to improve on for next year...

Electra Business of the Year - goes to AURA!

01 Jul 2010

What a HUGE evening at the Electra Business Awards! We are extremely proud to have been awarded the "Business of the Year"!
As well as that we won the "Hi-Growth Award", "New-Thinking" and "Customer Services Award", as well as being finalists for "Staff Development" and "Operational Capability".

More IT Security TRAINING

Sept - Dec 2010

We have a new round of our Teaching the Good-Guys Bad-Tricks IT Security training courses coming up, in Wellington, Auckland and Christchuch through-out Sept to Dec.

We are running both in-house corporate sessions, and are booking several group venues that are open for public bookings. Places fill up fast so CONTACT US now for arrangements.

$250,000 TechNZ Grant for Aura RedEye

Jul - Dec 2010

Aura's RedEye vulnerability scanning product and threat analysis service has been awarded a $250,000 TechNZ Research and Development grant from the Foundation for Research, Science and Technology

Microsoft TechEd 2010

30 Aug - 1 Sep 2010

Microsoft's TechEd NZ will be another huge event. Aura's Andy Prow will be presenting again with Kirk Jackson - Hack-Ed, Teaching the Good-Guys MORE Bad-Tricks