Why it matters

Build security best-practice into your project frameworks, right from the very beginning, to ensure you are delivering technology and processes that are free of vulnerabilities; and are more resilient to cyber-attack.

Secure by Design


Secure by Design is about embedding security into your development projects from the start. Adopt a best-practice security design approach early on, ensuring you consider people, process and technology. Then include an Aura security professional as part of your project team to ensure security is baked in throughout the development life-cycle. This will help save time and money when final testing is undertaken before go-live. Secure by Design ensures that your project is secure from start to finish.

Security Risk Assessments & Certification

When you introduce something new, or undergo significant change, it’s important to get a good handle on the potential risks.

Our team of Virtual Security Officers will help you establish the level of control you need to apply to a system in order for the level of risk to be acceptable, and for the system to meet compliance requirements such as PCI-DSS or NZISM. This provides assurance that your project incorporates all relevant security controls, and they are effective, before you start using the system to manage your information.

Security Design Reviews

The best time to think about security is during the design phase, before you’ve invested in building it.

The majority of information security risk Aura discovers during penetration tests could easily have been remediated and incorporated into the solution design; and in a more cost-effective way. Our expert team of Virtual Security Architects can help you integrate effective security controls into your solution design in a pragmatic way. This means you are less likely to discover vulnerabilities later in the project when it’s more difficult and expensive to fix.

Secure Software & Agile Development

When building software, it’s important to arm your developers with the knowledge and skills to code robust and secure software.

Aura embeds industry best-practice security processes into your software development life-cycle, ensuring they are built into your applications as standard. Most development adopts an agile approach, which means having to build security into sprint cycles at the same quality level as a full product review. With a security program that's specially designed around agile or DevOps methodology, Aura provides the right combination of training, reviewing and testing to keep your software secure.

Source Code Reviews

A source code review can pin-point defects that could be used by hackers to gain access to your systems and data.

Our source code review consultants all have strong software development backgrounds, expert knowledge across languages, platforms and technologies, and work with you to prioritise areas of risk.

Tactical Security Assessments & Assurance

Aura helps you configure your systems in a secure way by ensuring everything is patched, ports are closed off; and that it’s all properly hardened to industry standards.

Our tactical security assessments allow you to perform quick checks and remediate information security risk early in your project, so you’re not finding too many show stoppers at the end of a penetration test. And, with less security remediation required at the end, your business is in a better position to plan project costs and timeframes. Services we offer include:

• Host Reviews
• Vulnerability Assessments
• Password Audits
• Firewall Reviews
• Configuration Reviews

Penetration Testing

As the final step before your new system goes into operation, a penetration test validates all the security due diligence you have done so far – and enables you to deliver a secure system to your organisation.

Identify security vulnerabilities in your network or applications before they can be exploited by attackers. Aura’s team of security consultants are highly experienced pen testers and are particularly skilled at thinking like the bad guys. Our services include:

• Network Boundary Security Testing
• Internal Network Review
• Wi-Fi and Remote Access Testing
• Application Penetration Testing
• Mobile Security Testing

Security Management

Once your new system has been deployed into BAU, you then need to ensure it operates in a way that maintains an appropriate level of security.

Aura’s security management service provides you with regular security reporting, penetration testing and security reviews during your system’s operational life. This helps you get full visibility of any information security risk by measuring all the security metrics in the system, including: patching, privileged access, authorised change and security incidents. Our Virtual Security Officers can also make sure you are correctly applying your information security policy and strategy within the system; and that that it meets industry compliance.

“Since doing Aura’s developer training, our team has approached coding from a far more real attack-and-defence perspective, giving the system the security and robustness we need.”


—Rod Drury,
CEO – Xero