Services

Penetration Testing

Penetration testing focused on real-world attack scenarios and business impact. Testing methodology targets genuine attack vectors with clear, actionable remediation guidance.

Key Areas:

  • Web application and API security assessment
  • Infrastructure and network security testing
  • Business logic and authentication bypass testing
  • Detailed remediation guidance with implementation priorities

AI/LLM Application Security

Security assessment of AI-integrated applications, including large language model deployments, retrieval-augmented generation (RAG) systems, conversational AI, and agentic workflows. Testing addresses both the AI components and the surrounding application architecture, since most real risk lives at the boundary between the two.

Key Areas:

  • Prompt injection, jailbreaking, and instruction hierarchy bypass
  • RAG pipeline security including data leakage, retrieval manipulation, and source poisoning
  • AI agent and tool-use security including unauthorised action chains
  • LLM API authentication, authorisation, and quota enforcement
  • Sensitive data exposure through model responses and embeddings
  • AI governance alignment (ISO 42001, ACSC AI guidance, voluntary AI Safety Standard)

Our own testing is AI-augmented as well. See AI Capability for how we use it on engagements.


Cloud Security Review

Security configuration assessment across AWS, Azure, and GCP environments. Focus on misconfigurations, access control weaknesses, and compliance gaps.

Key Areas:

  • Identity and access management (IAM) configuration
  • Storage and data protection settings
  • Network security and segmentation
  • Monitoring and logging capabilities
  • Compliance alignment (ISO 27001, ACSC ISM, Essential Eight)

Security Consulting

Independent security expertise for compliance requirements, risk management, and strategic security program development.

Services Include:

  • Risk assessment and business-aligned security evaluation
  • Compliance readiness (ISO 27001, ACSC Essential Eight)
  • Security program development and implementation guidance
  • Vendor security review and third-party risk assessment

Engagement Models

Targeted Assessment - Specific application or infrastructure security testing
Cloud Security Review - Configuration assessment and remediation roadmap
Security Advisory - Strategic consultation on security program development
Compliance Readiness - Gap analysis and implementation planning


Ready to strengthen your security posture? Contact us to discuss your requirements.