Cybersecurity

Offensive Security
We Break In Before They Do

We simulate real attack paths to uncovers what attackers will - before it costs you.

Get in touch

Get in touch

View services

View services

Certifications and Accrediations

DIA Marketplace

Nova Security is an approved supplier on the New Zealand Government DIA Marketplace under the "Source Code Application Review and Technical Testing" catalogue. This means we are authorised to deliver offensive security services in alignment with the AoG procurement standards.

OffSec Accredited

At Nova Security, our consultants are all OffSec accredited, holding certifications such as OSCE, OSCP, OSCE3, OSWP, OSWE, and OSEP. This ensures that our team possesses top-tier skills and expertise in identifying and mitigating security vulnerabilities. Trust our highly qualified professionals to provide comprehensive security assessments and actionable insights to protect your systems.

Our Services

  • Web Application Penetration Test

  • AI and LLM Penetration Test

  • External Network Penetration Test

  • API Penetration Test

  • Social Engineering Campaign

  • Mobile Application Penetration Test

  • Wireless Penetration Test

  • Internal Network Penetration Test

  • Web Application Penetration Test

  • AI and LLM Penetration Test

  • External Network Penetration Test

  • API Penetration Test

  • Social Engineering Campaign

  • Mobile Application Penetration Test

  • Wireless Penetration Test

  • Internal Network Penetration Test

Simulate Read-World Attacks

Penetration Testing

We emulate real adversaries to uncover exploitable vulnerabilities across your applications, infrastructure, and internal systems.

Applications

AI and LLM

Network

And More...

Harden Your Cloud Before It’s Exploited

Cloud Configuration Review

We identify misconfigurations, excessive permissions, and hidden attack paths across AWS, GCP, and Azure environments.

AWS

Azure

GCP

And More...

What topic would you like us to cover?

|

Turn Your Team into a Security-First Mindset

Security Awareness Training

Hands-on, attacker-informed training that teaches your team how breaches actually happen and how to stop them.

We can tailor the session based on your audience and the topics you want to cover.

Secure Development

LLM Integration

And More...

Secure code, any language

Security Code Review

We provide expert security code reviews to identify vulnerabilities, strengthen your application’s defenses, and ensure your software is resilient against real-world threats.

JavaScript

.Net

Ruby

And More...

  • // SPDX-License-Identifier: MIT
    pragma solidity ^0.8.0;
    contract AutomationTrigger {
    uint public threshold;
    string public status;
    constructor(uint _threshold) {
    threshold = _threshold;
    status = "inactive";
    }
    function checkTrigger(uint value) public returns (string memory) {
    if (value > threshold) {
    status = "active";
    return "Automation triggered!";
    } else {
    return "No action taken.";
    }
    }
    function getStatus() public view returns (string memory) {
    return string(abi.encodePacked("Status: ", status));
    }
    }
  • // SPDX-License-Identifier: MIT
    pragma solidity ^0.8.0;
    contract AutomationTrigger {
    uint public threshold;
    string public status;
    constructor(uint _threshold) {
    threshold = _threshold;
    status = "inactive";
    }
    function checkTrigger(uint value) public returns (string memory) {
    if (value > threshold) {
    status = "active";
    return "Automation triggered!";
    } else {
    return "No action taken.";
    }
    }
    function getStatus() public view returns (string memory) {
    return string(abi.encodePacked("Status: ", status));
    }
    }

Find out more here

Find out more here

Testimonials

From start to finish, the engagement with Nova Security for our penetration testing was first class in my opinion. The communication between Nova and us was excellent. The report was clear and comprehensive with excellent steps to reproduce the vulnerabilities that were found. It's been a pleasure working with you and I will definitely be recommending Nova Security to others.

Addressfinder

That is really unexpected and hard to see how this escaped detection with all the testing over the years.

Salesforce

This is a great discovery, and we appreciate your partnership to help us protect Microsoft customers.

Microsoft

Thanking you for finding not just one but two of the critical bugs in our identity system.

Shopify

From start to finish, the engagement with Nova Security for our penetration testing was first class in my opinion. The communication between Nova and us was excellent. The report was clear and comprehensive with excellent steps to reproduce the vulnerabilities that were found. It's been a pleasure working with you and I will definitely be recommending Nova Security to others.

Addressfinder

This is a great discovery, and we appreciate your partnership to help us protect Microsoft customers.

Microsoft

That is really unexpected and hard to see how this escaped detection with all the testing over the years.

Salesforce

Thanking you for finding not just one but two of the critical bugs in our identity system.

Shopify

Our Process

We keep a standardised process across our service deliveries.

Step 1

Scoping

Identify your needs and requirements, define the scope, and formalise expectations in a clear Statement of Work.

Analysing your requirements..

Scoping calls

Understand your requirements

Tailor to fit for your objectives

Statement of Work

Step 2

Pre Engagement

Align on resources, timelines, and requirements while initiating the project through a structured kick-off.

Confirm the resource and timeline

Requirement gathering

Kick off meeting

Step 3

Service Delivery

Execute the security review, validate findings, and produce a comprehensive, quality-assured report.

Our service

Your assets

Step 4

Post Engagement

Review results with stakeholders and optionally perform retesting to confirm remediation.

Walkthrough session

Retest if required

Promotion

Cake Challenge

We’re running a promotion to highlight our technical expertise.

Are you interested in a free security assessment of your system?

What's even better - if we find no bugs, you'll get delicious cakes on us!

It's a win-win: secure your system or enjoy a sweet treat!

Cake Challenge High-Level Overview:

1. Authorise us to test your system

2. We will attempt to identify one vulnerbility within three days

3. If we find a vulnerability, you’ll receive a detailed report with recommended remediation around that issue

4. If we don’t find any vulnerabilities, you’ll get a delicious cake of your choice to celebrate how secure your assets are

Are you interested in a free security assessment of your system?

What's even better - if we find no bugs, you'll get delicious cakes on us!

It's a win-win: secure your system or enjoy a sweet treat!

Cake Challenge High-Level Overview:

1. Authorise us to test your system

2. We will attempt to identify one vulnerbility within three days

3. If we find a vulnerability, you’ll receive a detailed report with recommended remediation around that issue

4. If we don’t find any vulnerabilities, you’ll get a delicious cake of your choice to celebrate how secure your assets are

Contact us for more details

Contact us for more details

Team

Gary Lu

Principal Security Consultant

Gary is a leading OSCP and OSCE3 certified security consultant with a background in software development. He is experienced in web application and API penetration testing, security code reviews, and cloud configuration reviews. He has several years of experience performing penetration testing for both the private sector and government agencies.

Gary Lu

Principal Security Consultant

Gary is a leading OSCP and OSCE3 certified security consultant with a background in software development. He is experienced in web application and API penetration testing, security code reviews, and cloud configuration reviews. He has several years of experience performing penetration testing for both the private sector and government agencies.

Ron Chan

Principal Security Consultant

Ron is an experienced penetration tester who has identified vulnerabilities in multiple major technology companies, including Amazon, Shopify, Uber, and more. He is also one of the first five people to achieve the one million dollar milestone in bug bounties on HackerOne, as featured in Forbes. Ron has discovered multiple account takeover vulnerabilities in Fortune 500 companies. He even presented one of his account takeover findings on Microsoft at the Black Hat USA conference.

Ron Chan

Principal Security Consultant

Ron is an experienced penetration tester who has identified vulnerabilities in multiple major technology companies, including Amazon, Shopify, Uber, and more. He is also one of the first five people to achieve the one million dollar milestone in bug bounties on HackerOne, as featured in Forbes. Ron has discovered multiple account takeover vulnerabilities in Fortune 500 companies. He even presented one of his account takeover findings on Microsoft at the Black Hat USA conference.

FAQs

How do we get started?

How long does a typical engagement take?

Will testing impact our systems or uptime?

What makes your penetration testing different?

Do you provide remediation guidance?

Start Securing Your Assets Today

Book a free call with us!

Book a free call with us!