Our approach
The following diagram outlines the client-centric approach ZX Security utilises to deliver engagements.
What we do
-
Cloud Security
Giving you a clear picture of your security posture in the cloud
- Cloud Security Maturity Assessments
- Cloud Security Professional Services
- Cloud Security Reviews
- Continuous Cloud Security Posture Management
-
Cyber Strategy and Risk
We can help you identify and assess the security posture of your systems and people.
- Risk / Privacy assessments
- Security Health Check
- Incident Response / Disaster Recovery
- Regulatory Support
- Security Roadmap / Programme of Work
- Security Training and Awareness
- Security Operations
- Software Development Life Cycle (SDLC)
- Security Policy Documentation
- Reporting
- Solution Design Review / Control Framework Alignment
- Board Advisor Service
- Due Diligence for Mergers & Acquisitions
- PSR Assessment, Roadmap and Uplift
- ISO/IEC 27001:2022 Implementation
-
Penetration Testing
Identifying security vulnerabilities in your applications and systems
- External Penetration Test
- Internal Penetration Test
- Red Team Engagement
- Website Penetration Test
- API Penetration Test
- Mobile Application Security Review
- Source Code Review
- Wi-Fi Penetration Test
- Host Hardening Review
- Phishing Exercise
- Specialist Testing
-
Training
We offer a wide-range of security-related courses
Social responsibility
ZX Security has been built understanding how Environmental, Social and Corporate Governance (ESG) can benefit a business far beyond the metric of financial success. Learn about some of our initiatives below
Hacking for Heroes
ZX Security gives away (approx.) 250 hours of cyber security consulting time to not-for-profit organisations
Green Team
The Green Team look at making ZX a more environmentally responsible and sustainable business.
Advisories
-
Security Feature Bypass In Zitadel — Race Condition
Zitadel was found to be vulnerable to a race condition, leading to the application processing numerous successful brute-force login attempts before triggering an account lockout. -
Zitadel one click silent account takeover — Multiple issues
The avatar upload functionality was found to be vulnerable to stored cross-site scripting via SVG's. -
Security Feature Bypass In ASP.NET and Visual Studio — Race Condition
The SignInManager in ASP.NET was found to be vulnerable to a Race Condition leading to thousands of successful brute-force login attempts before triggering an account lockout.View advisory: Security Feature Bypass In ASP.NET and Visual Studio
Insights
-
Green Team Tree Planting at Ōwhiro Bay
ZX Green Team gets muddy planting native trees. -
ZX Hosts 10 Brandon Street Green Team meeting
Last month ZX hosted the 10 Brandon Street Green Team meeting bringing together Green Teams from other companies in our building to share sustainability ideas. -
Setting off on our carbon neutral journey
We are thrilled to announce that we have officially set off on our carbon neutral journey with Toitū Envirocare!
Events
-
TuskCon
to
Cotton Tree Caravan Park, Maroochydore
Tuskcon is a two day hacker camp with an emphasis on hands on learning and activities, not death by powerpoint. -
BSides Canberra
to
Canberra, Australia
-
Code Camp Wellington
Wellington, Aotearoa