Dev Team(s) Struggling with Security?


Let us help you reduce defects early in the software development life-cycle, and thus significantly reduce costs downstream.

Services

What Differentiates Us

If you are looking to reduce the number of security defects produced by your development team(s), and increase their productivity, BinaryMist can work with you to achieve this. We are focussed on helping you create value rather than trading time for money. Read what our customers say about us.

Bug Free Guarantee

For development work, we stand behind the software we produce. In fact, we are so confident that if you find a bug in the software we produce for you within six months (sometimes longer), we will fix it for free.

purpleteam

Automated security regression testing of your web applications and APIs, no setup required.

1. Write test conditions -> convert to Cucumber
2. Provide minimal configuration
3. Consume node CLI package
4. Run single command purpleteam test
Perfect for your CI/nightly build

Development Team Security Teardown $995NZ + GST

We can provide insight into potential issues/defects that are not obvious with your Development Team(s):
• Development Process
• System Being Developed
Our Teardown can provide the needed visibility in order to make the improvements.

Development Team Security Roadmap $2995NZ + GST

Too many security defects in your Development Team(s) deliverables?
External security reviews too costly?

Let us create a security roadmap for your Development Team(s).

Security Strategy Retainer $3495NZ + GST

Our agreement entitles you to unlimited 1 on 1 access to Kim via phone, SMS, email, Slack, Skype, Signal, etc. Participation is limited to 10 people. Fee is for four months.

Building Security into Your Development Teams (workshop) $495 + GST per student

Full Day Interactive Workshop focussing on building security into your Development Team(s).

Christchurch Hacker Con


The third CHCon:


A conference aiming to raise awareness and skill levels of information security within our community.

Numisec Pte.

Security Review - Node.js Microservices

Stefan Streichsbier

Numisec Pte. Ltd

Mobiddiction

DevOps Implementation & Security Review

OWASP New Zealand Day


The ninth conference of its kind.

Dedicated to information security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications.

Peter Montgomery

InventoryTech Ltd

MYOB

DevSecOps & AWS Migration

Lana Winders

SBS Bank

Development Team Security Implementation

Your Development Team(s) are struggling to create secure software. Your business is paying too much for security reviews, and penetration testing at the end of the project.

Your customers want to be certain that their personal data is secure. You could be saving significant expenditure on security and software development in general.

Security Review, Penetration Testing

You need to be sure that what your development team(s) are creating is going to withstand the onslaught of those tasked with breaking your deliverables and stealing your customers' data.

Your customers want to be certain that their personal data is secure. You need your product to stand up to those who are going to attack it.

InventoryTech

Transitioning, architecture & development

Lentune

Architectural & Security Consulting

David Gadsby

Platinum Recruitment Ltd

SBS Bank

Personal Internet Banking

Andrew Balfour

Solvam Corporation Ltd

School-Links

Process Improvement. Back End Re-Architect

Hindin Solutions

Architectural Consulting & Development

Pivot Software

Architectural Consulting

King's Church

Security Assessment

Christchurch City Council

Integration Development

Engela Pretorius

Christchurch City Council

Ming Yii

Christchurch City Council

Joe Kearns

Double-O Consultants

James Pinamonti

IAG, New Zealand

Kim’s Books

Kim is an avid writer on technical topics; be sure to review his releases.
Self Hosted, LeanPub, and Amazon, 2018

Recent Posts

Do you want to improve your information security skills and knowledge as a Software Engineer? Let’s all learn together. I’m on a continual learning journey and keen to share my learnings with you. We can collaborate and bounce ideas off each other. Subscribe to new blog posts here.

Kim

The legacy BinaryMist blog is at blog.binarymist.net.

Discussion about Kim’s new book on Cloud Security, some of the content, and links to other useful resources around securing your Cloud environments.

Discussion about Kim’s new book on Docker Security, some of the content, and links to other useful resources around securing your Docker deployments.

Adding Staticman commenting system to BinaryMist blog and Hugo Academic

In this post we discuss the move from the legacy BinaryMist blog on Wordpress.com, along with the BinaryMist website, to a single static site on the Hugo platform hosted on Github Pages.

The shared responsibility model is one that many have not grasped or understood well. Let’s look at the responsibilities of the parties.

Talks & Workshops

Kim delivers high quality information security talks and workshops at conferences and private events around the world.

Most of Kim's talks and workshops are focussed on demonstrating and demystifying how easy it is to break into software and networks, followed by how you can rectify the demonstrated vulnerabilities and make this part of your development team's process, rather than finding and fixing the defects once in production. This has the benefit of saving the significant expenditure that comes from finding and fixing defects late in the development life-cycle.

Presentation style

A huge amount of effort goes into Kim's talks and workshops, and he continues to refine his approach over time based on the feedback he receives. Kim's talks and workshops usually contain a large amount of technical information coupled with an entertainment factor to help keep listeners and trainees engaged.

Speaking at your event

If you’d like Kim to speak at your event, get in touch via the contact section.

Running a workshop for you

If you’d like Kim to run a workshop at your event or private offices, get in touch via the contact section.

Recent and upcoming public Presentations and Workshops

Conference - OWASP New Zealand Day
Apr 20, 2017 9:00 AM

Contact