Your Website Is Insecure
80% of all websites online today have at least 1 serious vulnerability allowing an attacker to completely compromise the website and the underlying platform. Don’t let your business become a victim.
Single Point of Contact
Your business deserves the best, but the best is not always immediately obvious in the world of information security. There are thousands of different security suites, apps, tests, and plug-ins available, and it is difficult to understand not only how to configure and maintain them, but also how much security coverage you’re really getting from them.
We provide a single Point of Contact for all of your security needs whether it be security consulting for your next-gen Node.js API service, co-developing a hybrid mobile app, or providing a baseline audit of your existing WordPress website. No need to try out dozens of frameworks and services; we can provide a short list of appropriate, relevant solutions and even implement the selected solution and run a comprehensive post-production security report for your review.
How do you log into your website or service? Username & password? Is it at least a very strong username & password?! – Don’t lie! Statistics are against you here.
Modern security requires a modern way of logging in. Unfortunately, administrators and end-users are slow to break out of the horribly insecure practice of using (relatively) simple usernames and passwords to access critical systems. There are many great solutions on the market that address this exact issue and we’ve worked with a lot of them – in fact, secure authentication is our specialty. Your website could have the strongest SSL / TLS, the most reviewed and tested code, but at the end of the day if your authentication scheme is weak, your entire system becomes inherently weak.
We can audit your current authentication system and, after also reviewing the level of data security needed, provide solutions ranging from Two-Factor Authentication products / services to seamless, controllable API authentication methods such as OAuth or SAML.
No one likes being vendor-locked due to incomprehensible code. We’re darn proud of the software and websites we make and we write all of our code expecting others to be updating and reviewing it later.
We focus on 4 core programming values:
- Cleanliness – Code should be easy to understand and have obvious context at all times.
- Preparedness – Never underestimate users; code for the worst.
- Exposure – All code is production-ready and continuously reviewed.
- Scalable – Code must be elastic and be able to easily grow with the business.
The starting point of any security consultation is a baseline security audit. This is where we can find out how your website or service is built, where its weaknesses and strengths are, and how to begin forging a strategy to improve your overall information security.
Identifying potential security issues is one of the most important steps your business can take to minimize risk. If you don’t know where and how you can be attacked, you stand little chance of actually enhancing security in any meaningful way. There are plenty of tools and frameworks that can be used to “increase security” of everything from A to Z, but none of them is 100% effective or covers all attack vectors. It’s of paramount importance to understand how you can be attacked so that proper remediation can be implemented and provide real protection.
We just launched a free new web service called DeepTalk that allows people to share sensitive information in a secure and private environment.
HubSpot doesn’t adequately explain how to pass in boolean values through its Forms API. I recently had to work with this API and wrote down some hints.
I recently wrote a Windows .NET application that generates SHA1/2 hashes for a given input. It has SHA1, SHA256, SHA384, and SHA512 support as well as PBKDF2 support (1-100,000 rounds).
Online security & privacy is more important than ever. Read now to increase your online security and to form good online privacy habits for the future.
This article will help you fix BootstrapValidator.js feedbackIcons position for Bootstrap.js input-group class using CSS.
A great foundation for a proper open-source community project that I really hope others will get involved with to grow this into a proper solution for Linux users seeking OneDrive connectivity.
The FIDO Alliance is a conglomerate of top technology corporations (Microsoft, Google, Oberthur, NXP, PayPal, etc…) aiming to create standardized enhanced authentication with specific goals of “Passwordless Authentication” (UAF) and “Second Factor Authentication” (U2F). Essentially, they want to be able to framework how companies provide secure access to their web resources as well as how users prove their identity to the companies. Here’s my take on the effort.