Shea Security Pty Ltd

Who we are

Based in Melbourne and founded in 2018. Our work involves testing the security of computer systems, applications and networks. Additionally, we provide education and training to software developers and IT professionals based on our testing and research. We have considerable experience in penetration testing (pentesting) for some of Australia’s most widely known companies. This includes working closely with security engineers and managers as they continuously adjust and improve the security of their systems.

What we do

We offer products and services in a number of different areas, from consulting and training, to bespoke software development and custom Cosive-developed products. We work with you to identify enhancements you can make to improve your Security Operations. We can help you integrate best-of-breed security tools into your team’s workflow. We are focused on providing threat intelligence management platforms, security orchestration, intelligence feeds, integration and consulting services, STIX/TAXII consultancy, and incident response guidance. We also offer malware analysis solutions, endpoint protection, and intelligence enrichment systems.

Our services

As technical security experts we research and frequently identify circumstances that can lead to exploitation by malevolent actors. Our extensive security experience makes us highly skilled penetration testers, it also means we have great insights when it comes to security training.

Penetration Testing

Our testing techniques incorporate exploits and industry research for your deployed technologies. We build upon the requirements of the Open Web Application Security Project (OWASP) and the Penetration Testing Execution Standard (PTES).

All of our penetration testing and vulnerability assessments are performed by professional penetration testers and are commonly used to fulfil the Payment Card Industry Data Security Standards (PCI-DSS) mandated testing requirements.

We focus on delivering tailored security testing for your:

• Web applications
• Mobile applications
• Application Program Interfaces (APIs)
• Networks
• Physical products including IOT and embedded devices
• Perimeter testing and monitoring of your externally facing assets
• Source code reviews

Security Training

Building secure software and secure systems takes time and a positive internal security culture. Wherever you are on this journey, from just starting to more mature, we can help deliver programmes to strengthen your internal security culture among software developers, engineers, managers and general staff.

We have experience running internal private events and longer term programmes for some of Australia’s largest companies to uplift technical security training and awareness. Some of the events we have run include Capture the Flag competitions (CTFs), regular code review challenges plus security awareness for non-technical staff on anti-phishing, malware and password management best practices. We provide private training spanning a number of months or shorter bootcamp style classes that might run for several days or even one day.