DotSec - dot com security
DotSec is a professional information-security organisation that delivers solutions which, first and foremost, address our customers' business requirements. All DotSec professionals are experienced in the design, implementation and assessment of secure information-systems, and in the provision of policies, procedures and training to keep those systems secure.

In particular, DotSec professionals have a strong track-record in the areas of:
- Secure web applications and services. DotSec has deployed, and continues to support, a secure, redundant web-service for the Qld Dept of Health's Clinician's Knowledge Network. The site includes a SAML-based authentication service, providing Web-SSO for a number of web applications. DotSec has also provided (and continues to support) message-security services for APRA's D2A online reporting service, and has completed the design and integration of authentication providers for J2EE systems for an Australian federal government department in Canberra.
- Strong, multi-factor authentication systems, including OTP (One-Time Password), token and smart-card based systems. DotSec specialises in the design and deployment of Single Sign-On (SSO) services. DotSec has recently deployed a secure, two-factor authentication system as part of an integrated, holistic security environment. The authentication service, developed for a financial-investment company, allows remote workers to access VPN, web-mail and calendars, without compromising domain passwords.
- Enterprise Identity and Access Management services and integration, including requirements analysis, and integration with strong authentication and directory services.
- The development and review of information-management security policies, and of standard operating procedures and security plans which are based on those policies.
- Threat and Risk Assessment (TRA), security-services design reviews, and Penetration Testing (Pen Tests). DotSec brings unique TRA skills, since DotSec professionals have experience in the design and implementation of secure applications and services, not just in assessment and review. A recent TRA project allowed DotSec to demonstrate how an attacker could collect the usernames and passwords of all the users of a leading case-management application, by exploiting vulnerabilities in the application itself.
- The provision of training courses to a wide variety of audiences. Our courses range from half-day information-security primers, to three-day secure-application development courses, and have been delivered in-house, as well as by third-party training organisations.
DotSec professionals work with you, the customer, to provide assessment, policy, training, implementation and monitoring solutions that satisfy your business requirements.
News byte!
Once again, DotSec were proud sponsors of the AusCERT information security conference. Since Internet banking is essentially one of the archetypal secure online applications, it provides a convenient example of why secure applications-development frameworks should exist, as well as illustrative examples of what can go wrong if they do not. In order to provide some concrete examples, the presentation included live demonstrations of three types of attack.
Read on for all the details.
Accreditation!
Signatory (GITC# Q-2554) to the Qld State Government's GITC information technology supplier agreement.
Included in the Attorney-General's Department Critical Network Vulnerability Assessment (CNVA) program.
Endorsed supplier number 5461. See the ESA web page.