Dev Team(s) Struggling with Security?


Let us help you reduce defects early in the software development life-cycle,
thus significantly reducing costs downstream.

Services

What Differentiates Us

We walk the talk, and our customers back us up. We can offer fixed price projects. We provide 24/7 access to our consultant. We are used to working in multiple time zones. If you are looking to reduce the number of security defects produced by your development team(s), and increase their productivity, BinaryMist is your obvious choice.

Development Team Security Roadmap $2995NZ + GST

Too many security defects in your development team(s) deliverables?
External security reviews too costly?

Let us create a security roadmap for your development team(s).

Security Strategy Retainer $3495NZ + GST

Our agreement entitles you to unlimited 1 on 1 access to Kim via phone, SMS, email, Slack, Skype, Signal, etc. Participation is limited to 10 people. Fee is for four months.

Building Security into Your Development Teams (workshop) $500 + GST per student

Full Day Interactive Workshop focussing on building security into your development team(s).

Christchurch Hacker Con

The second CHCon: A conference aiming to raise awareness and skill levels of information security within our community.

Numisec Pte.

Security Review - Node.js Microservices

Stefan Streichsbier

Numisec Pte. Ltd

Mobiddiction

DevOps Implementation & Security Review

OWASP New Zealand Day

The ninth conference of its kind. Dedicated to information security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications.

Peter Montgomery

InventoryTech Ltd

MYOB

DevSecOps & AWS Migration

Lana Winders

SBS Bank

Development Team Security Implementation

Your development team(s) are struggling to create secure software. Your business is paying too much for security reviews, and penetration testing at the end of the project.

Your customers want to be certain that their personal data is secure. You could be saving significant expenditure on security and software development in general.

Security Review, Penetration Testing

You need to be sure that what your development team(s) are creating is going to withstand the onslaught of those tasked with breaking your deliverables, and stealing your customers' data.

Your customers want to be certain that their personal data is secure. You need your product to stand up to those that are going to attack it.

InventoryTech

Transitioning, architecture & development

Lentune

Architectural & Security Consulting

David Gadsby

Platinum Recruitment Ltd

SBS Bank

Personal Internet Banking

Andrew Balfour

Solvam Corporation Ltd

School-Links

Process Improvement. Back End Re-Architect

Hindin Solutions

Architectural Consulting & Development

Pivot Software

Architectural Consulting

King's Church

Security Assessment

Christchurch City Council

Integration Development

Engela Pretorius

Christchurch City Council

Ming Yii

Christchurch City Council

Joe Kearns

Double-O Consultants

James Pinamonti

IAG, New Zealand

Selected Publications

A three part book series focused on lifting the security knowledge of Software Developers, Engineers, and their teams, so that they can continuously deliver secure technical solutions on time and within budget, without nasty surprises.

First book is complete, second book is content complete and currently in technical review.
Self Hosted & LeanPub, 2017.

Recent Posts

The legacy BinaryMist blog is at blog.binarymist.net, with 104 posts over 8 years. I’ve included redirects to the most popular legacy posts.

This site is fully static, running on Hugo and hosted on GitHub Pages. The source code is publicly available; if you see something that’s incorrect, please submit a pull request.

The shared responsibility model is one that many have not grasped or understood well. Let’s look at the responsibilities of the parties.


Lack of captchas is a risk, but so are captchas themselves…


Not being able to introspect your application at any given time, or to know its health status, is not a comfortable place to be in, and there is no reason you should be there.


Redirects to legacy blog post.

This is where A9 (Using Components with Known Vulnerabilities) of the 2013 OWASP Top 10 comes in. We are consuming far more free and open source libraries than we ever have before. Much of the code we are pulling into our projects is never intentionally used, but is still adding surface area for attack. In this post we address the risks and countermeasures.


Redirects to legacy blog post.


Talks & Workshops

Kim delivers high quality information security talks and workshops at conferences and private events around the world.

Most of Kim's talks and workshops are focussed around demonstrating and demystifying how easy it is to break into software and networks, followed with how you can rectify the demonstrated vulnerabilities, and make this part of your development team's process, rather than finding and fixing the defects once in production. This has the benefit of saving significant expenditure due to finding and fixing defects late in the development life-cycle.

Presentation style

A huge amount of effort goes into Kim's talks and workshops, and he continues to refine his approach over time based on the feedback he receives. Kim's talks and workshops usually contain a large amount of technical information coupled with an entertainment factor to help keep listeners and trainees engaged.

Speaking at your event

If you’d like Kim to speak at your event, get in touch via the contact section.

Running a workshop for you

If you’d like Kim to run a workshop at your event or private offices, get in touch via the contact section.

Recent and upcoming public Presentations and Workshops

Workshop - Web Developer Quiz Night
Jun 28, 2017 7:00 PM
Talk - Agile Security for Web Developers
Nov 29, 2016 4:00 PM
