Pages

• About Us
  • Accreditation
  • Awards
  • Engagement Methods
  • Government Supply Panel Contracts
  • Management Team
  • Rewarding Careers
    • Full-Time Cybersecurity Consultant role
• Accessibility
• Confirm Subscription
• Consulting
  • Application Security
  • Cloud Security
  • Container Security
  • Database – Servers and Security
  • Denial of Service Testing Services (DoS & DDoS)
  • DevOps Security Automation
  • Enterprise Breach Security Assessment
  • Host Security
  • IT Security Services
  • Mobile Security
  • Office 365 Security Review
  • Penetration Testing
  • Physical Penetration Testing
  • Red Teaming
  • SAP Security Assessments
  • SCADA Security
  • Social Engineering Testing Services
  • Telecom Security
  • Virtualisation Security
  • Web Application Security
  • Wireless Security
• Cyber Security – for the Not for Profit (NFP) Sector
• Governance Services
  • APRA – CPS 234
  • ASD Essential Eight – Mitigation Strategies
  • Board Level Cyber Advisers
  • Compliance & Regulatory
  • Cyber Advisory
  • Cyber Health Check
  • Cyber Risk Management
  • Cyber Security Incident Response
  • Cyber Security Policy & Framework
  • Cybersecurity Capability Maturity Model – C2M2
  • Enterprise Security Architecture
  • Information Security Management Systems (ISO 27001)
  • Information Security Manual (ISM) and IRAP Assessors
  • Notifiable Data Breach Scheme
  • NSW Department of Finance, Services and Innovation – Cyber Security Policy
  • Payment Card Industry (PCI) Compliance
  • Policy and Procedure Development
  • Privacy Act – Security Compliance
  • Software Assurance Maturity Model (SAMM)
• Home
• Legal
• Managed Services
  • Containerisation
  • Cyber Security Incident Response – Managed Services
  • Denial of Service (DDoS) Testing Services
  • DevOps and SecOps as a managed security service
  • Threat & Vulnerability Management
• No Access
• Privacy Policy
• Research
  • IT Security Advisories
  • Making Sense Of Security
  • Presentations
  • Videos
  • Vulnerability Disclosure Policy
  • Whitepapers and Articles
• Sense of Security Contact Details
  • SF Contact
  • Thank You
• Site Map
• Subscribe
• Thank You
• Thank You – Download Course Guide
• Training
  • DDoS Testing
  • DevOps Security Automation Training
  • Mobile Application Security
  • Online Security Awareness
  • Operational Security Principles
  • Red Teaming
  • Secure Web Application Development
• Tutorial: Security Automation in DevOps
• Why companies are exposed to social engineering
• Why is Information Security Important?

Posts

• Datasheets

• News

  • The Business Case for Dynamic Risk Assessment
  • Sense of Security joins CyberCX as founding member
  • Security Awareness – from Boardroom to Basement
  • Don’t shy away from Technical Risk Assessment – A RSA blog article by our COO Murray Goldschmidt
  • The State of the Internet Perimeter in Australia
  • RSAC Unplugged 2019 Sydney, in partnership with AustCyber and the NSW Government, is taking place on October 10 as part of Cyber Week.
  • Achieving cyber resilience by reducing your susceptibility to attack – Whitepaper
  • The Cyber Security – Peer Reviewed journal published an article around DDoS written by our COO Murray Goldschmidt.
  • Our COO Murray Goldschmidt presented at Meet the Chiefs – Defence Watch Cyber 2019
  • Our COO Murray Goldschmidt, interviewed by Security Weekly on DDoS
  • BRITISH AIRWAYS HEAVILY FINED FOR DATA BREACH UNDER EU GDPR REGULATIONS
  • New APRA Standard – CPS 234 – July 1, 2019 update
  • Our COO Murray Goldschmidt presenting at the Meet the Chiefs – Defence Watch Cyber 2019 event – Understanding Supply Chain Risks to Address Cyber Security Resilience Requirements
  • How To Operate A DDoS Program – Webinar hosted by Murray Goldschmidt
  • WINDOWS BLUEKEEP
  • The State of Web Application Security in Australia
  • Sense of Security is now a AWS Select Tier Partner
  • Who Manages the Managers?
  • The 2017 EQUIFAX Data Breach … $500m and Climbing
  • How to design and operate a DDoS testing program – RSA Presentation
  • The Cyber Security Risk of Merger & Acquisition
  • Parliament Issues and Implications
  • RSA USA selects our COO Murray Goldschmidt to run three sessions at the San Francisco conference
  • Department of Finance, Services & Innovation implements new cyber security policy
  • Our COO Murray Goldschmidt presenting at RSA USA 2019
  • New APRA Standard – CPS 234
  • DDoS – the ever growing security threat
  • How to Design and Operate a DDOS Testing Program training – RSA USA 2019
  • MSP Global Hack
  • 2018 Wrap Up
  • Micro Services, Containers and Serverless PaaS Web Apps? How safe are you? – AISA 2018 presentation
  • SMBs need to come to grips with digital dangers
  • Automating SecDevOps – RSA USA 2018
  • IoT security flaws to bite in 2018 | Computerworld
  • Business failing the cyber security test
  • AISA 2018 Conference – Deploying Micro Services, Containers and Serverless PaaS Web Apps. How safe are you?
  • IoT: The Security Risks
  • Cyber Security News Wrap-up 02/06-08/06
  • Growing IoT adoption putting Australians at risk of cyber attacks
  • Cyber Security News Wrap-up 26/05 – 01/06
  • Join us at IoT Fest on Monday 4th June
  • Cyber Security News Wrap-up 19/05 – 25/05
  • Black Hat USA: Secure Mobile App Development workshop
  • Our thoughts on the Federal Budget’s cyber security funding
  • GDPR Security and Protecting Data
  • Cyber Security News Wrap-up 28/04-04/05
  • GDPR: Data Subjects’ Rights summarised
  • GDPR: The Basics for Australian businesses
  • Cyber Security News Wrap-up 14/04-20/04
  • 1.5 Billion Businesses and Consumer Files Exposed Online from Poor Cyber Security Policies
  • Cyber Security News Wrap-up #8
  • Cyber Security News Wrap-up #7
  • Effective Container Security – ACSC 2018
  • Cyber Security News Wrap-up #6
  • Social Engineering is the New Norm in Hacking | CSO
  • Sense of Security Launches Free ADRecon Tool
  • Cyber Security News Wrap-up #5
  • What cyber security needs to go beyond the network
  • The Return of Crypto Mining
  • Cyber Security News Wrap-up #4
  • Cyber Security News Wrap-up #3
  • Cyber Security News Wrap-up #2
  • The Cyber Security Arms Race
  • Cyber Security News Wrap-Up #1
  • SMEs vulnerable to tech data legislation
  • Acuity Mag interview – Ten steps to protect your finance team from cyber crime
  • The gloves are off as cybercriminals leverage AI
  • The Notifiable Data Breaches Scheme – Who to Inform?
  • The Notifiable Data Breaches Scheme – What is it?
  • Uber Data Breach
  • DevSecOps: Security Needn’t be Sacrificed for Speed
  • Sense of Security – DFAT – Partnership
  • Equifax Hones In On Cyber Security Holes
  • Sense of Security talks red teaming, DevSecOps and “box ticking”
  • Medical consumer device makers are trying to improve IoT security
  • Book Now for Black Hat Asia DevSecOps Training – 20-21 March 2018
  • Announcing ISO 27001 Certification
  • Understanding the Notifiable Data Breach Scheme
  • Essential Eight Steps for Cyber Resilience
  • What is Cyber Resilience?
  • Murray Goldschmidt speaking at the ACSC 2017 Conference
  • SOS Presenting at Next Generation Testing Summit 2016
  • Australia’s first ASX 100 Cyber Health Check
  • Workshop at GovInnovate Canberra 2016
  • SOS demonstrating XSS exploits at BlackHat Europe 2016
  • SOS talking Dev’Sec’Ops at AISA Melbourne Branch
  • VPDSS now issued
  • SOS appointed to supply contract LGP115 ITC Products, Services & Consulting
  • Appointed to Local Buy (Qld) – IT Specialist Consultancy Services
  • SOS consultants to run full day tutorial at AusCERT’16 on Red Teaming
  • Murray Goldschmidt to deliver presentation on “DevOps Agility with Security” at the ACSC Conference
  • Two SOS consultants present at Black Hat Europe 2015
  • SOS consultant presents at Ruxcon 2015
  • SOS consultant presents at HITB Singapore 2015
  • SOS consultants deliver a VoIP workshop at Def Con 23 USA
  • SOS consultants deliver a sell out tutorial at AusCERT’15 on Red Teaming
  • SOS consultant presents training at Troopers 2015
  • SOS Consultant presents at Kiwicon 2014
  • SOS Consultant presents at DEF CON 22 and Black Hat USA 2014
  • Presentation at HITB 2014 conference in Amsterdam
  • Sense of Security’s participation at AusCERT 2014
  • SOS Consultant presents at Kiwicon 2013
  • SOS Consultant presents at Ruxcon 2013
  • SOS delivers presentation at Def Con 21 and Black Hat USA 2013
  • AusCERT2012
  • Sense Of Security’s GRC Practice Lead presents “Managing Security in the Cloud”
  • “Penetration Testing – A Guide To Achieving Better Outcomes” Whitepaper
  • Murray Goldschmidt interview about security to the SME sector
  • Rust Report’s “Who’s Who of Aussie IT” includes SOS
  • SOS COO interviewed by SBS News on Cyber Terrorism after AFP landmark hacking investigation
  • Australian Business Award for Community Contribution
  • Murray Goldschmidt interviewed on ABC Radio, Statewide Queensland, on Phone Hacking
  • CSO Online – Interview about data security and privacy
  • SOS interviewed on recent hacking events
  • Murray Goldschmidt interviewed on Cyber Hacking
  • CSO Magazine May 2011 – interview about IT Governance
  • SOS Consultant presents on Virtualisation Security to the SCADA Community of Interest in Brisbane on May 19, 2011 and June 15, 2011 in Melbourne.
  • SOS Director to address delegates at Smart Electricity World on Securing the Smart Grid
  • Sony PlayStation Network Breach interview
  • SOS Director interviewed for IT Security Article in industry magazine Risk Management
  • Australian Fundraising and Philanthropy Magazine publishes article on Data Security
  • Channel Ten – Interview on parliamentary email hacks
  • PCI DSS Compliance article for the Owners Corporation/Strata Management Industry
  • SOS has been selected to speak at AusCERT 2011
  • SOS consultant interviewed by The Register regarding Smart Phone Security presentation from AISA National Conference 2010
  • ZDNet publishes an article about SOS iPhone research and AISA National Conference 2010 presentation by an SOS consultant
  • Murray Goldschmidt interviewed on Channel Ten news on the prevalence of cybercrime in Australia
  • Vulnerability research and disclosure interview – Computer Weekly
  • Murray Goldschmidt chairs and presents at Australia’s 2nd Annual PCI DSS Compliance Conference, 2010.
  • SOS consultant to present on Smart Phone Security at AISA National Conference 2010
  • Presentation at the 2010 NiUG Asia Pacific Discovery Conference
  • SOS CTO interviewed on Channel Ten news on phishing
  • Murray Goldschmidt addressed the Oceania CACS2010 – Masters of Change Conference
  • SOS has received iAwards 2010 NSW Merit Commendation Award in the category: Security Application
  • Australian GovLink Magazine article – Virtualisation Security
  • SOS consultant quoted on ZDNet in relation to anti-virus vulnerability
  • Virtualisation Security presentation at AISA
  • Zdnet – SOS quoted in relation to Apache flaw
  • SOS releases security advisory for Apache vulnerability
  • Security advisory – TheGreenBow vulnerability
  • Sense of Security appointed to the WA Government ICT Services Contract Panel
  • Sense of Security’s COO Murray Goldschmidt presents at and chairs PCI DSS conference in Sydney
  • SOS ranks in Deloitte Technology Fast 50… again!
  • SafeNet SoftRemote vulnerability security advisory
  • SOS joins ranks of BRW’s Fast 100
  • SOS announced as Winner in 2009 ActionCOACH My Business Awards
  • SOS enters Deloitte Technology Fast 50 competition
  • Finalists in the 2009 ActionCOACH My Business Awards
  • SOS releases security advisory for Piwigo
  • SOS enters BRW Fast 100 competition
  • SOS releases security advisory for Plume CMS
  • ISACA Keynote briefing: PCI Compliance – A Business Issue
  • SOS releases security advisory for XOOPS CMS
  • Murray Goldschmidt presented at Public Sector Information Security Conference
  • CRN July 2009 edition – Sense of Security profiled in leading industry magazine
  • Security advisory – IBM Lotus Sametime
  • SOS consultant interviewed on Risky Business about VoIP security
  • Sense of Security Joins Ranks of BRW’s Fast 100 in 2009
  • SOS consultant presented on PCI at AISA branch meeting
  • Dept of Infrastructure, Transport, Regional Development and Local Government appoints SOS to the IT Services Panel
  • SOS consultant presented on Managing and Securing Web 2.0
  • SOS releases security advisory for Magento
  • SOS releases security advisory for Libero
  • SOS consultant to present at AusCERT 2009 on virtualisation security
  • SOS consultant presented at AISA annual seminar day on virtualisation security
  • SOS recipient of Deloitte Technology Fast 50 award
  • MT interview about good security practices
  • ZDNet Australia – Interview on BlackBerry PDF flaw
  • Australian IT interview on PCI standards
  • Sense of Security consultant quoted in ZDNet article “Should staff swim naked on the Internet?”
  • SOS consultant interviewed on Channel 10 and SBS news on data leakage
  • SOS consultant interviewed on Phishing in MX magazine
  • SOS consultant presented at SecurityPoint 2008

Landing Pages

Heros

• The State of the Internet Perimeter in Australia
• The State of Web Application Security in Australia
• Incident Response
• Cloud Security
• Red Teaming

Related Items

• Sense of Security – Security Advisory – SOS-19-001 – XML External Entities Injection (XXE) in XNAT 1.7
• Sense of Security – Security Advisory – SOS-18-003 – Inteset Secure Lockdown Standard Edition – Privilege Escalation and Insecure Cryptographic Storage
• Sense of Security – Security Advisory – SOS-18-002 – CA Workload Automation AE SQL Injection
• Sense of Security – Security Advisory – SOS-18-001 – CA Workload Automation AE RCE
• Secure Mobile App Development – Tutorial
• DevOps Security Automation – Tutorial
• Security Advisory – BSD lpd Access Control Bypass
• AISA 2017 – DevOps Cyber Attack Kill Chain with Automated Security Response and Visibility
• RSA 2017 presentation – Overcoming the Challenges of Security Automation in DevOps
• Denial of Service (DoS & DDos) Testing Services
• Tutorial: Security Automation in DevOps
• Workshop: Principles in Secure Web Application Development
• DevSecOps – Securing the Stack
• Advanced Security Automation for DevOps – presented at ACSC 2017
• Security Advisory – Emsisoft Anti-Malware Behavior Blocker Bypass
• DevSecOps – Agility with Security
• Red Teaming – an option for all Enterprises
• ACSC Conference 2016 – DevOps, a How To for Agility with Security
• How to Secure the Internet of Everything
• Why Companies are Exposed to Social Engineering
• Whitepaper: Penetration Testing – A Guide to Achieving Better Outcomes
• Skype for Business Security
• Security Advisory – Microsoft Skype for Business 2016 Unauthorised Script Execution Vulnerability
• AusCERT 2014 – Pierre Tagle – Sense of Security – PCIDSS The Trilogy – Adapting Compliance to Version 3
• Security Advisory – ClickSoftware ClickSchedule Multiple Security Vulnerabilities
• Security Advisory – ClickSoftware ClickMobile Multiple Security Vulnerabilities
• SOS to deliver two presentations and a tutorial at AusCERT2012
• Security Advisory – Splendid CRM XML External Entity Injection (XXE) Vulnerability
• Sense of Security – Security Advisory – SOS-15-001 – tcpdump Memory Disclosure Vulnerability
• Sense of Security – Security Advisory – SOS-14-005 – SAP NetWeaver Business Client for HTML
• Security Advisory – SAP Work Manager, SAP CRM Service Manager and iOS Client
• Kiwicon 2014 Practical-VoIP-Hacking-with-Viproy
• Sense of Security – Security Advisory – SOS-14-003 – Cisco CUCDM Self Care Portal
• Sense of Security – Security Advisory – SOS-14-002 – Cisco CUCDM Administration Portal
• Security Advisory – Cisco CUCDM IP Phone Services
• Sense of Security Corporate Brochure
• AusCERT 2014 – Pierre Tagle – Sense of Security – Privacy Act II (The Sequel) – Considerations for the Tech Sector
• AusCERT 2014 – Joshua Cavalier – Shawn Thompson – In Crypto We Trust, or do we – Dragging privacy back to the 90s
• Sense of Security Public Sector Capability Overview 09Oct13
• Sense of Security Technical Assurance Practice Overview 09Oct13
• Sense of Security_GRC Practice Overview
• About Penetration Testing
• Hack-In-The-Box Amsterdam 2014 – Cross-Site Scripting Your Way to Shell
• Botnets-of-the-Web-How-to-Hijack-One
• Security Advisory – Juniper Junos J-Web Privilege Escalation Vulnerability
• Data Breach Notification Article
• Security Advisory – Mi-Token Enterprise Edition and API Edition – Brute-Force Vulnerability
• Security Advisory – Google Active Directory Sync Tool Vulnerability
• Sense of Security – Security Advisory – SOS-12-011 – SilverStripe CMS Multiple Vulnerabilities
• Security Advisory – FileBound Privilege Escalation Vulnerability
• Sense of Security – Security Advisory – SOS-12-009 – Ektron CMS Multiple Vulnerabilities
• Security Advisory – Elcom CMS – Community Manager Insecure File Upload Vulnerability
• Sense of Security – Security Advisory – SOS-12-007 – Squiz Matrix Multiple Vulnerabilities
• Sense of Security – Security Advisory – SOS-12-006 – QNAP Turbo NAS Multiple Vulnerabilities
• Mobility Security: Help! My Mobile Device Is Spying on Me
• AusCERT2012 – Mobility Security: Help! My Mobile Device Is Spying on Me
• Security Advisory – Netgear WNDRMAC Exposure of Sensitive Information Vulnerability
• Cyber Security: Essential Issues for the NFP Sector
• Visibility and Control of your Cloud Service Provider
• Security in the Cloud: Visibility & Control of your Cloud Service Providers
• Sense of Security – Security Advisory – SOS-12-004 – Aurora WebOPAC SQL Injection Vulnerability
• Sense of Security – Security Advisory – SOS-12-003 – Iciniti Store SQL Injection Vulnerability
• Security Advisory – Symfony2 Local File Disclosure Vulnerability
• Security Advisory – Snom IP Phone Privilege Escalation and CSRF Vulnerability
• Cyber Security for Government Conference: Penetration Testing – How Government Can Achieve Better Outcomes
• Security Advisory – WordPress Plugin BackWPUp 2.1.4 Remote/Local Code Execution Vulnerability
• Security Advisory – NETGEAR Wireless Cable Modem Gateway CG814WG Auth Bypass and CSRF.
• Security Advisory – Cisco TelePresence Multiple Vulnerabilities
• Security Advisory – Oracle Sun GlassFish Enterprise Server Stored XSS Vulnerability
• Smart Electricity World Conference – Securing the Smart Grid
• Security Advisory – Foxit Reader 4.3.1.0218 Multiple Memory Corruption Vulnerabilities
• Security Advisory – PHPCaptcha / Securimage Authentication Bypass
• SCADA CoI – Virtualisation Security for Regulated Environments (IACS)
• AusCERT 2011: Virtualisation Security for Regulated Environments
• Security Advisory – Cisco Unified Operations Manager Multiple Vulnerabilities
• IT governance around application security still MIA – CSO Magazine, IDG Interview May 2011
• Security Advisory – Proofpoint Protection Server Cross-Site Scripting Vulnerability
• Data Security published in the Australian Fundraising and Philanthropy Magazine
• Sense of Security – Security Advisory – SOS-11-004 – cPassMan v1.82 Arbitrary File Download
• Security Advisory – WordPress plugin BackWPup Remote and Local Code Execution
• iPhone Security
• Data Security for the Not For Profit Sector
• PCI DSS Compliance for the Not For Profit Sector
• Security Advisory – PHP Blog Insert Authentication Security Bypass
• Sense of Security – Security Advisory – SOS-11-001 – Adobe Reader 9.4.1 Infinite Loop Condition
• Security Advisory – Elcom Technology’s CommunityManager.NET Auth Bypass Vulnerability
• Smart Phone Security
• Virtualisation Security for PCI Environments
• Security Advisory – Adobe Reader 9.3.4 Multiple Memory Corruption Vulnerabilities
• Mobility and Application Security
• Virtualisation Security; Focus on the Fundamentals
• Virtualisation Security published in the Australian GovLink Magazine
• Security Advisory – Apache 2.2.14 modisapi Dangling Pointer Vulnerability
• Security Advisory – TheGreenBow VPN Client Local Stack Overflow
• Achieving PCI Compliance – Long and Short Term Strategies
• Enable Business through Secure Web Based Applications
• Business Opportunity Enablement through Information Security Compliance
• Security Advisory – SafeNet SoftRemote Local Buffer Overflow Vulnerability
• SaaS. What is the impact on Security?
• Importance of Information Security
• Sense of Security – Security Advisory – SOS-09-007 – Piwigo SQL Injection Vulnerability
• Security Advisory- Plume CMS Multiple SQL Injection Vulnerabilities
• PCI Compliance – A Business Issue – ISACA Keynote Session
• Addressing the security challenges of two emerging technologies: Mobility and Web2.0 – Public Sector Information Security Conference
• Security Advisory – XOOPS Multiple Cross-Site Scripting Vulnerabilities
• Security Advisory – Lotus Sametime User Enumeration Vulnerability
• PCI Compliance: What Australian Businesses Need to Know
• Virtualisation: Pitfalls in Corporate VMware Implementations – AusCERT2009
• Security Advisory – Infor SCM SupplyWEB Multiple Vulnerabilities
• Where PCI stands today: Who needs to do What, by When – AISA
• Managing and Securing Web 2.0
• Security Advisory – Magento Multiple Cross-Site Scripting Vulnerabilities
• Sense of Security – Security Advisory – SOS-09-001 – Libero Cross-Site Scripting Vulnerability