// SECURITY ASSESSMENTS

People responsible for an organisation’s security are fighting against attackers who are becoming more numerous and more advanced. Security assessments are the primary tool Ionize uses to demonstrate that these threats are not simply theoretical, and to show what can actually be achieved by a skilled attacker. Specialising in broad-scoped assessments, Ionize was founded to help organisations develop strategies to combat realistic threats. Drawing on our experience, we often demonstrate that the most damaging attacks leverage vulnerabilities you never knew existed within your network.

// ATTACK SIMULATIONS

For many organisations, security assessments take place at the project level, incorporating an assessment as a milestone before deployment. While it’s fantastic that security is rightfully getting higher visibility, we’ve found that in most cases the organisation is left vulnerable, because the main attack targets don’t belong to any one project. Ionize attack simulations aim to give organisations a customised, wide-angle assessment of the risks that exist for the entire organisation, and draw on our expertise to show the attack methods you never knew existed. Advantages of this assessment style include:
  • Organisation-wide security assurance – Know how you stack up against the most likely attacks.
  • Blue team testing – Provide answers to how likely you are to detect an attack being undertaken.
  • Security strategy development – Learn the best places to focus your resources and budget for maximum protection.
  • Risk identification – Understand what attacks will cause the most impact to your business.
  • Security training – Ionize can walk through the engagement with defenders in a debrief session to help show what may have been missed.

// PENETRATION TESTING

Penetration testing allows our security experts to assess groups of systems for potential vulnerabilities. This helps prevent systems that could allow attackers access to your most valuable data from going live, and helps quickly identify security flaws already present on your network. Identifying issues is only half the battle, and Ionize works with clients to implement suitable fixes and strategies to ensure the flaws don’t reappear in the future.
Ionize believes security testing isn’t about trying things until someone stumbles across an issue, but rather about using set methodologies to provide rigorous and repeatable testing. We believe this so strongly, in fact, that the director of Ionize is also the project lead for the most widely used open source web testing framework, the OWASP Testing Guide.
Penetration tests can take place on single web applications, through to entire internal networks with thousands of clients. The benefits of this testing style include:
  • Project assurance – Have confidence that the scoped infrastructure is secure before being exposed.
  • Security compliance – Demonstrate you have taken steps to secure your customers and data from being attacked.
  • Risk identification – Identify what risks may face the business given the current solution, including possible controls or mitigations.

// CODE REVIEW

Attack simulations and penetration testing are usually conducted from a ‘Black Box’ approach. That is, testers are unable to see the code or logic rules they are dealing with, and instead try to discover for themselves what an application can do. Code review is another, more in-depth, form of vulnerability assessment which lays bare this logic to the tester. The source code of an application or system is studied to identify vulnerabilities with the aid of special analysis tools. Code review can discover hard-to-find vulnerabilities even before the application has gone into production, and usually provides a higher level of security assurance.
Ionize can perform anything from simple source code reviews to complex reverse engineering of compiled code, or anything in between. This allows us to emulate the actions of a determined and methodical ‘cracker’ in order to discover what vulnerabilities your compiled applications would reveal if examined in depth. Once assessed, our testers can make recommendations for fixing any identified security flaws.
The advantage of source code analysis rests in its ability to pick up obscure bugs which would be almost impossible to find in the compressed time frames of other assessments. Often it is done in conjunction with dynamic testing such as penetration tests to demonstrate how flaws may actually be exploited.

// INCIDENT RESPONSE

A user will click on a link. An application will have an injection flaw. Someone will open an attachment.
One of these things will inevitably occur, and when it does it is important to answer what happened, and what was affected. By helping organisations answer these questions quickly and effectively, Ionize enables them to recover with a minimum of disruption and financial impact. Ionize can also help piece together the timeline, help prevent similar events occurring, and draw on our offensive experience to know where the attackers may still be hiding.

CONTACT

Open: Mon-Fri 9am - 5pm
Phone: (02) 6162 1783
Email: info@ionize.com.au
Address: Suite 5, 16 National Circuit
BARTON ACT 2600

ABOUT

Ionize was established in 2008, and has been servicing clients both within Australia and overseas ever since. Our focus is on providing honest advice to our clients, maintaining the integrity of our work, while building and giving back to the information security community.