Package
Business Essentials
This package is designed to be a cost-effective security solution to gauge your organisation’s security posture against the most likely attack vectors.
Email leak search in public and private leak databases.
Credential leak search in public and private leak databases.
Domain name search for compromise / breaches.
The outcome is a detailed report showing whether your organisation has been compromised and what level of risk it currently faces due to credential leaks, including susceptibility to password stuffing attacks via the organisation’s internet-facing authenticated services.
Commercial-grade vulnerability scanning against external network / internet perimeter (up to 30 IP addresses).
Penetration Testing of external network / Internet perimeter (up to 30 IP addresses).
Assessment covers web applications, network devices, remote access solutions, firewalls and any networked service published to the internet.
The outcome is a detailed report showing what services each host has published to the internet, what services are vulnerable to attack, the extent to which each vulnerability can be exploited and expert advice on how to mitigate the risks that were uncovered during the assessment.
Commercial-grade vulnerability scanning of web applications (up to 5 web applications), as an unauthenticated user, checking for all common web vulnerabilities (based on OWASP Top 10).
Automated and manual web application penetration testing as an unauthenticated user (up to 5 web applications).
The outcome is a detailed section in the report that covers the methodology and checks performed, the issues identified and expert advice on how to remediate each discovered vulnerability.
A Business Email Security Review is a hybrid security assessment that involves:
Checking external Email configurations (DNS, MX, SPF, DKIM, DMARC)
Scanning external-facing Email services with a commercial-grade vulnerability scanner to determine open services, misconfigurations, access control issues, encryption, software vulnerabilities.
Manual security checks (connecting directly to the SMTP service, testing authorisation controls).
Testing for insecure remote access (e.g. OWA).
A Firewall Hardening Security Review is a hybrid security review that entails both technical and documentation reviews.
An external vulnerability scan of internet-facing firewall interfaces, identifying open services, misconfigurations, and vulnerabilities.
A review of the firewall’s configuration against industry best practices (CIS or NIST). This identifies insecure firewall rules, access policies, software patching levels etc.
$6000 AUD exGST
External Network: No more than 30 active IP addresses.
Web Application: Unauthenticated penetration testing only (not testing user logins). Up to 5
Business Email: No more than 2 external email servers / services.
Firewall: No more than 2 internet-facing firewalls.
This is a flexible package and services can be swapped in and out. Please view our full services list if you would like more options.