About us
SECFORCE is a cybersecurity consultancy, specialized in offensive security assessments offering both Consulting and Testing Assurance services.
Certified Excellence
Security is one of the biggest priorities for organisations today.
The threats are real, constant and ever-changing. This is no time to compromise your security.
That is why some of the world’s leading organisations trust Secforce to test their systems, upgrade their security programmes and comply with their regulations.
We are a team of exceptional security consultants, with the knowledge and insight to identify vulnerabilities and help you secure your systems.
Our Testing Services
Penetration Testing
The key to an effective penetration test is not simply to identify weaknesses; it is critical to explore these weaknesses to understand the real threat risk for any organisation.
Learn more
Adversary Simulation
The real value of a Targeted Attack Simulation stems from its adoption of the ‘assume breach’ mindset. This makes it possible to assess the effectiveness of an organisation’s s…
Learn moreOur Consulting Services
Penetration Testing Maturity
A holistic review of your testing programme aimed to understand its effectiveness and provide the advice and approach to maximise your results and enhance your security posture.
Learn more
DORA Compliance
An end-to-end solution providing the necessary consulting capabilities, our proven track record of technical expertise and partnerships to cover all the DORA requirements.
Learn moreDiscover our uncompromising commitment to quality
About usCase Studies
Cybereason, last line of defence
See all cases
How Nedbank mitigates cyber attacks
See all cases
The Lab
CVE-2023-26465 - Breaking Through XSS Filters in Pega Platform
Take a look at how we managed to break through XSS filters using Markdown-nesting and user mentioning functionalities in Pega Platform
See more
Size matters! When capital letters introduce vulnerabilities
Microsoft Dynamics 365 Rich Text Editor XSS
See more
AWS Cognito pitfalls: Default settings attackers love (and you should know about)
Diving into some common, but sometimes overlooked, AWS Cognito misconfigurations.
See moreThe Blog
Are You Ready for Purple Team Testing?
When is an organisation ready for purple team testing? Have a look at the exact situations where purple teaming will deliver the most value, purple team testing timelines, and what happens after a purple teaming exercise is done.
See more
DORA Incident Reporting Essentials Explained
Being able to report security incidents - under DORA or any other major regulation such as GDPR or NIS2 - is one of the core security capabilities for any organisation that wants to grow its operations. Let's cover the basics.
See more
16 Hours At DEF CON: An Insider View On Antivirus Bypassing
Our red teamer, Dimitri Di Cristofaro, and his fellow hacker, Giorgio Bernardinetti, are running a full 16-hour training course on advanced antivirus (AV) evasion and malware execution at DEF CON 33. We spoke to Dimitri about what participants can expect, and more.
See more