Dracosec Research Limited Logo
Home
News
Events
Services
About Us
SA Portal
Contact
Home / Services / Security Assurance Portal

Client Portal Platform

Security Assurance Portal

SA Portal is a unified client workspace for managing your DracoSec engagements. Track active assessments, monitor your external attack surface in real time, receive curated threat intelligence relevant to Hong Kong, and review every deliverable β€” all in one place.

Security Dashboard
Clear at a glance
One
Workspace for all tasks
Access SA Portal Explore Features
Security Dashboard β€” main portal landing view

One workspace. Every engagement.

Replace email threads, shared drives, and ad-hoc spreadsheets with a single secure workspace built specifically for managed cybersecurity engagements.

Built around your engagements

Every penetration test, vulnerability scan, and incident response engagement is tracked end-to-end β€” from kickoff through retesting, with status, scope, and deliverables visible to your team.

HK-aware threat intelligence

Curated threat feeds filtered for Hong Kong relevance β€” HKCERT advisories, ransomware leak-site listings naming HK victims, and CVEs affecting the technology stack you actually deploy.

Secure by design

Multi-tenant isolation enforced at the database level. Encrypted evidence storage, audit-logged access, per-engagement scope gates, and role-based permissions β€” security posture appropriate to the data we hold.

Platform Capabilities

Key features

Capabilities purpose-built for managed cybersecurity clients β€” from external surface monitoring to engagement delivery.

Attack Surface Monitor β€” external footprint inventory

Attack Surface Monitor

Know your external footprint, every day

Continuous discovery and monitoring of your internet-exposed assets. Subdomains, IPs, open ports, web technologies, and exposure alerts β€” refreshed automatically on a daily cadence with snapshot history so you can see exactly when something changed.

  • Subdomain enumeration - across passive and active sources
  • Risky-port detection - with tunable per-tenant alert lists
  • Web technology fingerprinting β€” see what stack faces the internet
  • Snapshot history β€” reconstruct any past state of your perimeter
Threat Intelligence β€” HK-relevant alert with full enrichment

Threat Intelligence

The threats that matter to you, surfaced first

The portal surfaces curated threat intelligence β€” HKCERT advisories, ransomware leak-site listings, KEV-flagged CVEs, and APT campaign activity β€” filtered for Hong Kong relevance and your tech-stack. Critical alerts are pushed to email; full enrichment, IOCs, and historical context live here.

Threat Intelligence is also available as a standalone managed service.

Learn about the Threat Intelligence service
Engagement workspace β€” active penetration test with activity feed

Engagement Management

Every assessment, end to end

Track active engagements through kickoff, fieldwork, reporting, and retesting. Service requests, meeting notes, deliverables, and remediation barriers β€” all attached to the engagement record rather than scattered across email and shared drives.

  • Service request submission β€” kick off new assessments without leaving the portal
  • Engagement timeline β€” meetings, milestones, and remediation barriers tracked in one place
  • Encrypted report delivery β€” final reports protected by per-engagement passwords
  • Approval workflow β€” review and approve deliverables before retest sign-off
Tokens Available β€” wallet summary and ledger

Token Wallet

Prepaid token, fully traceable

Token-based engagement billing with full ledger transparency. One token equals HKD 1,000 of security service capacity. Every credit and debit is recorded and exportable, so finance and security leadership both have the audit trail they need.

  • Real-time balance β€” see committed and available capacity at a glance
  • CSV & PDF reports β€” date-ranged token usage exports for finance review
  • Engagement attribution β€” every debit linked to the engagement that consumed it
  • Self-service top-up β€” purchase additional capacity directly when needed
Critical alert email β€” engagement and threat notifications

Notifications

Stay informed without watching a screen

You don't need to keep the portal open. Critical events trigger immediate alerts; everything else rolls up into a curated digest delivered on the cadence your team prefers β€” daily for active security teams, weekly for leadership rhythms.

  • Engagement notifications β€” meeting reminders, deliverable approvals, and overdue remediation alerts
  • Threat alerts & digests β€” real-time critical alerts and structured daily / weekly summaries delivered through the Threat Intelligence service
  • Per-recipient cadence β€” different stakeholders can subscribe to different streams independently
  • Deep-link back to portal β€” every notification links straight to the relevant record for full context
Vulnerability Scanning β€” self-service scan launcher with Nessus-powered profiles

Vulnerability Scanning

Self-service scans, on demand

Powered by Nessus, the portal lets you launch vulnerability scans against your own assets without waiting for an engagement to be scheduled. Pick the profile that fits the task, track progress in real time, and download the report the moment the run completes β€” debited automatically from your token wallet.

  • Quick Scan β€” fast port scan and checks for common, high-impact vulnerabilities
  • Network Discovery β€” map live hosts and open services across IP ranges
  • Full Scan (Advanced) β€” comprehensive vulnerability assessment with web application tests
  • Token-based, instant report β€” each profile has a predictable token cost; PDF and machine-readable reports available as soon as the scan finishes

For Critical Infrastructure Operators

CI readiness scoring

Designated Critical Infrastructure Operators face Hong Kong's Protection of Critical Infrastructures (Computer Systems) Ordinance obligations. The portal includes a dedicated scoring engine that evaluates threat events against Cap. 653 reporting criteria and tracks your readiness posture continuously β€” not just at audit time.

  • Cap. 653 signal classification β€” threats automatically scored on data compromise, service disruption, and unauthorised access criteria
  • Sector-aligned triggers β€” relevance scoring tuned to your designated CI sector and operational context
  • Reporting timeline guidance β€” clear visibility into which events warrant statutory notification and on what timeline
  • Audit-ready evidence trail β€” every classification decision logged for compliance verification
Learn about CI Compliance Service
Cap 653 readiness β€” alert auto-classified as reportable within 48h

Security & access

The portal handles sensitive engagement data β€” credentials, evidence, and findings. Security controls are appropriate to that responsibility.

Multi-tenant isolation

Row-level security enforced at the database layer. No client sees another client's data, ever.

Role-based access

Distinct roles for company admin, viewer, and DracoSec internal staff. Permissions scoped to need.

Audit logging

Every authentication, report download, and credential rotation is logged with IP and user agent.

Encrypted evidence

ASM evidence and engagement deliverables encrypted at rest. Access expires automatically.

Getting started

A short onboarding designed to get your team productive within the first week of any engagement.

1

Engagement kickoff

Your account is provisioned when your first engagement starts. No separate signup.

2

Team invitation

Add colleagues with appropriate roles β€” admins manage settings, viewers see reports.

3

Configure monitoring

Authorize ASM scopes and tune threat intel preferences to match your stack.

4

Daily operations

Receive digests, review findings, manage requests β€” all from one place.

Already a DracoSec client?

Access your portal directly. New clients receive portal access automatically as part of any engagement β€” speak to us about what coverage fits your organization.

Sign in to Portal Talk to us