Back to Top



DAVE offers one of the most comprehensive, flexible and cost-effective security assessment and testing solutions available in the market. Go far beyond simple vulnerability scanning and transform your security testing with DAVE. We understand security testing completely and we also understand some of the challenges that organisations face in trying to facilitate effective security testing. We used this experience and knowledge to develop a solution which helps organisations increase the effectiveness and flexibility of their security testing whilst at the same time significantly reducing costs and operational overheads. DAVE, the Digital Assurance Vulnerability Engine, packs over one hundred years of security testing experience into a box, on-demand and under your control.


On-Demand - Conduct any type of security assessment without the lead-times, anytime, anywhere:

  • Infrastructure security assessments
  • Application security testing
  • Scenario-based penetration testing
  • Source code reviews and audits
  • Host, firewall and network device security configuration audits and assessments
  • Wireless security assessments
  • White-box and black-box testing styles
  • Most platforms and technologies may be tested

Accessibility – On-site dedicated DAVE portal for managing the service including requesting assessments, accessing reports and findings. Access can be granted to any authorised user in the organisation allowing project teams to undertake assessments as and when they require. In addition to our customisable reports, all findings and results are available in a variety of formats including XML for rapid integration with existing risk management products and solutions.

Compliance – DAVE fulfils PCI DSS requirements for internal and external systems testing (PCI requirements 11.2 and 11.3) and can also be used to fulfil security testing requirements in support of HMG systems accreditation.

Full Life Cycle Assurance – Allow your teams to engage DAVE to undertake reviews and tests throughout the development process and avoid the issues that can arise with security testing only late in the development cycle.

Complete Control – Organisations have complete control over DAVE including when and how tests are conducted. DAVE only has visibility of systems you specify and a full audit trail is generated by the appliance that details exactly what testing activities have been undertaken and when.

Security - Unlike many other solutions, all data including sensitive system and vulnerability information stays on your network secured within a hardened DAVE appliance. DAVE can only be engaged after you have requested and authorised testing to start. Optionally DAVE can be supplied with a unique mechanism that allows complete software and network segregation from the target systems.

Exceptional Value - No on-site costs, no penalties for delayed or cancelled assessments and unlimited re-testing of identified vulnerabilities to validate fixes. Organisations deploying DAVE can achieve cost savings approaching 50% compared with traditional approaches to security testing.

Accuracy and Relevance - Very low false positive rates and the identification of vulnerabilities that other solutions completely fail to identify. All issues and recommendations are tailored to your organisation and your systems.

Rapid Deployment – A plug-in-and go solution with minimal dependencies, and a 90 second set-up. The solution is self-contained and may be deployed to any network or system. DAVE secure control channels can operate over the Internet, wireless, RAS and dedicated networks as needed.


DAVE is deployed as an appliance which resides on your organisations network and provides access to on-demand security assessments through a dedicated portal. DAVE is currently available in three base models:

  • DAVE – Rack mountable 1U appliance providing enterprise class security assessments;
  • DAVE Jr – Small-form desktop appliance providing flexibility and rapid deployment.
  • vDAVE – A virtual appliance for deployment into private or public cloud environments.

One or more administrator users are nominated from your organisation and these users can in-turn assign DAVE accounts to other members of the organisation with varying level of access. Authorised users may then engage security testing at any time by logging onto their DAVE portal and specifying the nature of the testing, the target system(s) and other relevant information. DAVE will validate this request and ensure that any pre-requisites are in place such as user credentials or connectivity to target systems. Optional workflow controls allow designated organisation administrators to inspect, validate and modify any user requests for testing prior to them being committed by DAVE.

Once an assessment is underway results are made visible to your users as they become available and following the completion of the assessment a tailored report detailing all findings and recommendations is made available. In addition to the comprehensive and customisable report itself, results and findings are made available in a variety of exportable formats including XML that may be readily incorporated into your existing vulnerability and risk management solutions.

Issues identified during any assessment may be assigned to nominated individuals or teams within the organisation for further action including remediation activity or possible acceptance of risks. This additional functionality allows issues arising from any assessment to be tracked through to closure with additional re-testing and validation conducted automatically by DAVE without incurring additional costs.

DAVE provides high levels of assurance and unparalleled flexibility whilst offering significantly reduced costs and operational overheads for your organisation.