Product Security & Penetration Testing

Uncover hidden vulnerabilities in critical systems

A Penetration Test leverages the offensive expertise of our security team to simulate real-world attacks on your critical systems and applications.

By targeting vulnerabilities in your infrastructure, applications, or networks, we identify weaknesses that could be exploited by malicious actors. Our tailored approach uncovers misconfigurations, flawed application logic, and other security gaps that may have gone unnoticed.

The findings allow you to prioritise and remediate these vulnerabilities before they can be exploited, ensuring your systems remain secure while enhancing your overall security posture.  

Outcomes

Identify and remediate system-specific security gaps

Uncover and remediate vulnerabilities in critical systems before threat actors can exploit them.

Increase overall security resilience

Strengthen overall organisational security by preventing attacks through specific systems and networks.

Ensure regulatory compliance

Penetration testing is often required to meet various industry-specific regulatory standards (e.g., GDPR, PCI-DSS) by validating the effectiveness of security controls. 

Reinforce customer trust 

Demonstrate your organisation’s security maturity through the depth, breadth and frequency of your testing. 

Key Services

Programmatic Product Security & Penetration Testing 

Regular and ongoing product security and penetration testing across defined areas, as part of your cyber program.

  • Web applications
  • Mobile applications
  • Internal networks
  • External networks
  • Wireless networks
  • Hardware and IoT

Custom Testing

Security testing on any technological component or large-scale system that requires deep expertise and a tailored approach.  

Our Product Security & Penetration Testing Experts

We bring unparalleled expertise in offensive security to the Australian and global market.

Shahar Zini

Shahar Zini previously served as CTO of an elite cyber technology department in the Israeli government. He had a significant role in leading the development and enhancement of the department's technological capabilities, while mentoring the new generation of cyber security professionals. Shahar won the Israeli Defence Award at the age of 25.

In addition, Shahar served as Chief Architect at XM Cyber, a pioneer in Breach and Attack Simulation technologies, where his work received numerous awards and patents.

Shahar commonly shares his passion for cyber security with his peers through CTF events he builds, and participation in leading conferences, including RSA.


Alex Hill

Alex is an offensive security specialist with a wide range of domestic and international experience. He previously led PwC’s Sydney-based cyber security team as a team lead, mentor, and technical cyber specialist. He personally designed and executed hundreds of bespoke offensive technical assessments and cyber uplifts for some of Australia’s biggest brands.

He prides himself on being able not only to break IT systems but also to do the hands-on building and fixing. Alex has been a go-to cyber specialist for Sydney’s fintech/startup scene as a security architect, building mature, zero-trust corporate and cloud-only product environments.

He has personally operated live incident response teams for public companies performing the hands-on attack investigation, timelining, and remediation. And he filled in as a virtual CISO for one of Australia’s mid-tier banks for a little over a year.

Over the last few years Alex has continued to focus on the offensive red-team space where he excels at getting the most out of exercises by engaging closely with blue teams. As someone with experience breaking, building, and investigating, Alex is the ideal person to provide technical training to upskill defenders and help them get the most out of their tools.

Alex holds a Bachelor of Information Technology (Co-op) from the University of Technology Sydney and a list of cyber-specific testing and architecture certifications.


Chris Archimandritis

With well over a decade of cybersecurity experience, and almost twenty years of experience in different aspects of IT, Chris has led complex security assessments across every industry, spanning three continents. His experience includes both planning and executing sensitive engagements that encompass, among others, critical infrastructure, industrial and residential hardware, core financial and banking systems, purpose-built devices, and cutting-edge smart deployments.

During this time, Chris has also delivered trainings, workshops, and talks for conferences across the world and the APAC region, such as DefCon and AusCERT.

His previous experience as part of academic research groups has provided the tools to tackle any novel problem and assist organisations with cutting-edge solutions and platforms.

Having performed engagements on all levels of abstraction, he is not only able to work on the tools and to analyse and evaluate high-level design, but most importantly is able to bridge the gap between management and engineers to provide the best possible strategy to enhance an organisation’s security posture.

His most recent research interests revolve around hardware security, industrial IoT, smart devices and enterprise data platforms.

Chris holds a Bachelor of Computer Science and a master’s degree in Information Systems and has attended several trainings by some of the world's foremost security experts.


Peter Szot

Peter is a senior penetration tester at Skylight Cyber specialising in Red Team and advanced persistent threat simulations. He has conducted several highly successful Red Team engagements against both locally and internationally situated clients with varying levels of security maturity, whilst achieving stealthy compromise of critical assets.

Constantly striving to improve methodologies, Peter regularly researches new vulnerabilities, and pushes the boundaries of existing technology stacks to circumvent protective measures and help security teams harden systems against modern threats.

Peter previously worked at several cybersecurity consulting companies, working on a vast range of products, from bespoke applications to critical telecommunication hardware.

As such, he has accumulated extensive experience in penetration testing and security assessments across several programming languages and development frameworks.

Peter graduated with Honours (first class) from the University of Sydney and holds a Bachelor of Information Technology.


FAQs

What is the difference between a Red Team and a Penetration Test? 

A penetration test focuses on identifying and exploiting vulnerabilities in specific systems, networks, or applications, typically with a relatively narrow scope and timeframe. It simulates attacks to assess the security of specific elements of your environment. 


A red team engagement is broader and simulates a real-world, multi-faceted attack over a longer period. It tests not only technical controls but also the organisation’s people, processes, and overall security stack effectiveness. Red teams often operate covertly, mimicking sophisticated attackers to test how well an organisation can detect and respond to threats across various vectors, including social engineering.

How is Penetration Testing different from vulnerability scanning? 

Vulnerability scanning is an automated process that identifies potential security issues, while penetration testing involves manual and automated testing by experts who actively try to exploit vulnerabilities to assess their real-world impact.

What types of systems can be tested?

Our penetration testing services cover a wide range of systems, including web applications, mobile applications, cloud environments, network infrastructure, and APIs.

How is the scope of a Penetration Test defined?

The scope of a penetration test is defined through a collaborative process between the client and the testing team. It involves identifying which systems, applications, networks, or data will be tested, and which areas are excluded. 

How long does a Penetration Test take?

The duration depends on the complexity of your systems and the scope of the test. Typically, a test can range from a few days to a few weeks. 

How often should Penetration Tests be performed?

It’s recommended to perform penetration tests at least annually or after significant system changes, such as updates, new deployments, or major infrastructure changes.

Is Penetration Testing mandatory for compliance?

In many industries, penetration testing is required to meet compliance standards like PCI-DSS, GDPR, and HIPAA. Even when not mandatory, it’s often strongly recommended for maintaining a strong security posture.