project black logo
laptop with bugs on screen representing buggy software

Application Security.

Build secure software more easily by investing in your AppSec program. Find potential vulnerabilities before writing a single line of code, shift security left.

Our Core Offerings.

Application Security Strategy Assessment

Find out how well your development process matches up with DevSecOps best practices. Identify areas for improvement and walk away with a clear roadmap to make developing secure software easier.

Cloud Security Assessment

Cloud PaaS services makes security easier, however designing secure architecture and setting secure configurations is key. Uncover hidden security gaps in your current setup. Measure twice, build once.

Threat Modelling Training

Demystify threat modelling. Our training breaks down complex concepts into actionable strategies and equips your engineers with the skills to identify vulnerabilities before any code is written.

Secure Code Training

XXE, CORS, and SSRF aren't new trendy bands. Write more secure and resilient software by understanding security vulnerability classes. Know when a quick "LGTM" is enough in a PR.

Why Project Black?

We Can Write Code!

We probably can't code as well as you of course, but we know how the sausage is made. Having the skills to read and write code means we can spot security issues that others might miss, giving us an edge in keeping your software safe.

Certified Consultants

Our application security experts boasts prestigious certifications such as GIAC's GCSA and Microsoft's AZ500, ensuring that our DevSecOps advice is practical and integrates seamlessly with your development lifecycle.

GIAC logo
MCP logo

Shift Left

Penetration testing isn't the only way to identify vulnerabilities in your application! Embrace the 'shift left' approach, incorporate threat modelling and Static Application Security Testing (SAST) early in the development cycle.

Commitment to Innovation

Attacker methodologies continuously evolve, staying ahead of the curve is paramount. Project Black invests significantly in research and development. This commitment to continuous learning and innovation ensures that the techniques and tools remain cutting edge. Check out our research blog.


  • Our app is built on QuackStack and Duckscript, can you help?

    Yes, finding security vulnerabilities is more about pattern recognition than understanding language specific syntax.

  • How do I know if I need these services?

    Securing an application shouldn't feel like playing whac-a-mole. If you keep finding the same vulnerability classes, consider more strategic approaches to remediation like uplifting your AppSec program.

  • Why should I perform threat modelling?

    15 minutes threat modelling with a diagram can save hours or weeks of engineering rework later.

  • Can the training be customised for my organisation?

    Of course, whether it's PCI DSS, ISO 27001, or you're just being proactive, we can tailor training to provide the most relevant guidance.

Get a Quote.

Fill out the form below with your details, and we'll reach out to you on the same day to kickstart your journey.

Contact Us:

  • Privacy Policy (November 2023)
  • This policy outlines how we collect, use, and safeguard your personal information.
  • Information We Collect & How We Use It
  • Contact Form: When you use our contact form, we collect your name, email, and phone number. This is used to respond to your inquiries
  • Microsoft Clarity, Google & Bing Analytics: We use Microsoft Clarity together with Google & Bing Analytics to collect data such as your page views, and visitor behavior on our site. This helps us understand how our website is used to help us improve our site.
  • We do not share your personal data with any third parties, except as necessary for Microsoft Clarity, Google & Bing Analytics analysis, see their privacy policies for more information.
  • Data Security
  • Contact form information is sent via as this is a 100% static site to a shared mailbox in Office 365. Access to this mailbox is restricted to specific individuals within our company to ensure the security of your information.
  • helps us archive a copy of the form submission where it is retained for 30 days. If you prefer to contact us directly, you can email us at [email protected] for the same purpose.
  • Your Rights
  • You have the right to access, amend, or request the deletion of your personal data. If you have any privacy-related concerns, questions, or requests regarding your personal information, please contact us at [email protected].
  • Changes to Privacy Policy
  • Our privacy policy may be updated periodically. Any changes will be posted here and communicated to individuals who have previously submitted forms.
  • Jurisdiction
  • This privacy policy adheres to the Australian Privacy Principles.