Author Archives: sgannouncements

WE’RE HIRING: Penetration Testers


March 25, 2015

Securus Global is looking to expand its technical delivery team, so that as we grow, we can continue to deliver top-quality security assessments to our clients.

  • Location: Sydney or Melbourne CBD
  • Salary: Dependent upon experience.
  • Work Type: Full Time

ROLE PURPOSE:

The Penetration Tester is a hands-on technical role, primarily involving:

  • Performing penetration testing (web apps, networks, mobile apps, code reviews, you name it)
  • Reviewing other technical deliverables, such as penetration testing work and client reports
  • Presenting technical work to clients and explaining various security issues, and why they’re important, to both technical and non-technical audiences
  • Contributing to the development of internal tools and methodologies


August 2014 Newsletter


August 11, 2014

Table of Contents:
• A CIO’s Approach to Developing a Security Framework 101
• Penetration Testing Applications
• Practical Security: Browser Security Settings
• Upcoming Events
• Achieving Comprehensive PCI DSS 3.0 Compliance
• The SG Community

Web Version: http://securusglobal.createsend1.com/t/ViewEmail/j/513E2918A2BFF01D

A CIO’s Approach to Developing a Security Framework 101

One of the biggest questions we get asked by CIOs and other senior business management with regard to Information Security and IT Risk Management is where to begin. Do you focus on purchasing security tools first, developing policies and standards, or getting an audit done and working from the results of that audit?

From our experience, while all of the above can assist in some way, developing a framework about how you will think about your security position is the number one priority before you make a major investment in tools, your staff’s time or the costs of hiring consultants. You may find that a lot of the costs you estimated originally may not be needed.

July 2014 Newsletter


July 09, 2014

Includes the latest from the Securus Newsroom, Partner Updates, Community Engagement, Tech Talk, Career Ops and more.

View as PDF here: https://securusglobal.createsend.com/reports/viewCampaign.aspx?d=j&c=8529664D569F40FB&ID=C09E8E4AF5539137&temp=False

You can also subscribe to our newsletter: http://www.securusglobal.com/subscribe/

 

Penetration Testing in Australia

It is always interesting to look at the theoretical investment being made by companies in Australia. Based upon our experience, the assumptions made in a recent analysis by Nick Ellsmore are, in our opinion, realistic. Read full article here: http://www.dellingadvisory.com/blog/2013/4/5/penetration-testing-market-analysis-where-is-all-the-revenue

Should you be using this as your guide to your own strategy with regard to penetration testing? Well, that depends on your own circumstances, your risk tolerance assessed against those assets and the overall potential impact to you in case of a breach (related to your risk assessment and that risk tolerance level).

Setting aside the financial aspect in terms of costs of penetration testing across the board, a key factor for consideration, based on Securus Global’s own 10+ years of experience in this market, is that 95% of web applications we test for the first time have major to critical vulnerabilities in them. If even only 50% of those applications were already in production before we tested them (with the actual figure higher), that equates to an alarming number of websites in Australia (and globally, given those statistics do not differ for our international clients) being insecure and open to compromise, if they haven’t been compromised already.

It’s clear that a great many Australian businesses do not have an effective security assurance program in place. With cyber crime on the rise and media reporting of breaches increasing exponentially, it doesn’t present a confident picture of cyber security in Australia, nor globally.

[Data Breach] – eBay – May 2014


May 22, 2014

Official Announcement from eBay: http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords

“eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.”

Further info: http://www.forbes.com/sites/gordonkelly/2014/05/21/ebay-suffers-massive-security-breach-all-users-must-their-change-passwords/

Hiring – Penetration Testers


April 03, 2014

Penetration Tester Roles

LOCATION:  Sydney, Melbourne

Securus Global is a small, dynamic organisation that requires each and every person to step up to the plate. We have a strong reputation for excellence in delivery and expect quality in all we do. You will not be able to get lost in the crowd here and you will have opportunities for growth that are only limited by yourself.

JOB DESCRIPTION:
Securus Global is currently looking for an experienced web application penetration tester to join our team in Sydney or Melbourne. This is a challenging and varied role with predominantly project-based, hands-on engagements that include, but are not limited to:

  • Web application penetration testing
  • Network vulnerability assessment
  • Application source code review
  • Application reverse engineering

April 2014 Newsletter


April 01, 2014

We hope you enjoy reading the case studies in this month’s newsletter.
We’ve included a variety of articles to appeal to the range of our stakeholders, from the technically minded to the executive levels and everything in between. For example:

* Board communications security and the move to mobile technologies
* How I got root with Sudo
* Security Pitfalls of a Shared Portal
* Tripwire – Security Configuration Management
* Securus Global – Community

Read more: http://createsend.com/t/j-F7BCBF3C4D9881A9

[Data Breach] – Telstra – May 2013


March 11, 2014

Originally published: http://www.itnews.com.au/News/374722,telstra-breached-privacy-act-by-exposing-user-data.aspx
By Allie Coyne on Mar 11, 2014 10:32 AM

One day before new privacy laws take effect.

Telstra has been forced to pay $10,200 after being found to have breached the Australian Privacy Act by inadvertently exposing the details of over 15,000 customers online.

In May last year the personal information of 15,775 Telstra customers, detailed on internal Telstra spreadsheets, was discovered to be publicly accessible through a Google search.

The data included customer names, telephone numbers and in some cases addresses. It also included 1257 silent line customers.

March 2014 Newsletter


March 05, 2014

This month’s edition is jam-packed with articles, including:

* Testing New Technologies – Smoke Detection, Alarms, CCTV etc.
* Cracking .NET Membership Password Hashes
* The “most asked question” – What should companies do to minimise their security risks?
* Upcoming Events – Breakfast Brief
* Mitigate DDoS Attacks with Cloud & On-Premise DDoS Protection
* 5 Critical Steps of a Complete Security Risk & Compliance Lifecycle
* What makes good application security knowledge?
* New Securus Global Social Engineering Services
* Industry Round-up
* Securus Global – Community

Read more: http://createsend.com/t/j-F0F44592233EF9CA