Taking Information Security to a New Level

Security-Assessment.com is a purist security company, with a strong focus on research and development. This is delivered in the form of world-class advisory and assurance services to large and medium-sized enterprises that require a truly independent measurement of security compliance, and that need specialist advice to improve their overall information security stance. We are a trusted partner providing clients with ongoing assurance services and advice to support informed decision making regarding security and risk for their business. Security-Assessment.com helps design security into organisational practices rather than relying on tactical or technological solutions.



02 Nov 2015,
On Thursday 29 October, Denis from Security-Assessment.com released KeeFarce at the ISIG meeting in Auckland, New Zealand. KeeFarce is a tool that allows for the extraction of KeePass 2.x password database information from memory. The clear text information, including usernames, passwords, notes and URLs, is extracted to a CSV file. The source code is available on GitHub: https://github.com/denandz/KeeFarce. KeePass is a widely used password safe utility distributed under the GNU General Public License; details can be found at: http://keepass.info/
19 Aug 2015,
At the recent Defcon 23 conference in Las Vegas, the Microsoft Security Response Center posted its list of the top 100 researchers across the globe. Scott Bell from SA.com in NZ was ranked 24th. This is a superb achievement from Scott, as most of the top researchers dedicate their full time to this research. Scott achieved this using the 20% research time allocated as part of SA.com's R&D program. Scott has used this time to find numerous vulnerabilities in Microsoft Internet Explorer and Mozilla Firefox.


19 May 2014,
Denis Andzakovic
SSL pinning is a security measure employed by applications in an attempt to prevent users from intercepting requests with a web proxy. This whitepaper discusses methods used to bypass SSL pinning.
21 April 2010,
Roberto Suggi Liverani
Cross Context Scripting (XCS) is a term coined for a browser based content injection in the Firefox chrome zone...