about us

Information Security Specialists

Aura Information Security is one of New Zealand's leading and fastest growing information security consulting companies offering penetration testing, security architecture and secure development training. Our customers include many of the largest New Zealand government agencies as well as local and international banks and corporates.

Experienced Team

Our team consists of highly experienced software experts and penetration testers; we pride ourselves on excellence. We hold some of the top security qualifications in the industry and have tested many large scale applications both locally and internationally.

Tools and Expertise

Using a combination of scanning tools and expert manual exploration techniques, our services will give you the highest levels of confidence that security issues have been considered, and vulnerabilities have been identified, removed or mitigated prior to a malicious hack.

End-to-End Process

We recommend combining our Aura Security Development Lifecycle (ASDL) into the software development lifecycle (SDLC). This process combines ‘Threat Modelling’, ‘Incident Scenarios’, ‘Internal reviews’, and ongoing ‘Penetration Testing’ so that any system can move to production release, knowing how it will perform under an attack, and how the teams and organization will cope.

Real-Results

From the initial security requirements phase and threat modeling through to the final penetration testing of a live system we utilize real-world personas, i.e. attack and test systems and processes in ways that they likely to be attacked – for instance as a “web-hacker”, “rogue customer” or “malicious employee”. These “real” tests are invaluable as often systems that are “secure” on paper, or built on “secure” platforms are still vulnerable due to errors in their build, implementation and support.

Simple and Easy to Understand

Our deliverables detail the vulnerabilities in easy to understand language with examples of how a vulnerability can be exploited. Vulnerabilities are categorised with a Threat Level and a recommended approach to mitigating the risk using industry level best practices.