Your Website Is Insecure

80% of all websites online today have at least 1 serious vulnerability allowing an attacker to completely compromise the website and the underlying platform. Don’t let your business become a victim.

Information Security

Single Point of Contact

Your business deserves the best, but the best is not always immediately obvious in the world of information security. There are thousands of different security suites, apps, tests, and plug-ins available; not only is it difficult to understand how to configure and maintain them, it is also difficult to understand how much security coverage you’re really getting from them.

We provide a single point of contact for all of your security needs, whether that is security consulting for your next-gen Node.js API service, co-developing a hybrid mobile app, or providing a baseline audit of your existing WordPress website. No need to try out dozens of frameworks and services; we can provide a short list of appropriate, relevant solutions and even implement the selected solution and run a comprehensive post-production security report for your review.


Authentication Security

How do you log into your website or service? Username & password? Is it at least a very strong username & password?! – Don’t lie! Statistics are against you here.

Modern security requires a modern way of logging in. Unfortunately, administrators and end-users are slow to break out of the horribly insecure practice of using (relatively) simple usernames and passwords to access critical systems.  There are many great solutions on the market that address this exact issue and we’ve worked with a lot of them – in fact, secure authentication is our specialty.  Your website could have the strongest SSL / TLS, the most reviewed and tested code, but at the end of the day if your authentication scheme is weak, your entire system becomes inherently weak.

We can audit your current authentication system and, after also reviewing the level of data security needed, provide solutions ranging from Two-Factor Authentication products / services to seamless, controllable API authentication methods such as OAuth or SAML.


Defensive Programming

No one likes being vendor-locked due to incomprehensible code. We’re darn proud of the software and websites we make and we write all of our code expecting others to be updating and reviewing it later.

We focus on 4 core programming values:

  • Cleanliness – Code should be easy to understand and have obvious context at all times.
  • Preparedness – Never underestimate users; code for the worst.
  • Exposure – All code is production-ready and continuously reviewed.
  • Scalability – Code must be elastic and able to grow easily with the business.

Security Auditing

The starting point of any security consultation is a baseline security audit. This is where we can find out how your website or service is built, where its weaknesses and strengths are, and how to begin forging a strategy to improve your overall information security.

Identifying potential security issues is one of the most important steps your business can take to minimize risk. If you don’t know where and how you can be attacked, you stand little chance of enhancing security in any meaningful way. There are plenty of tools and frameworks that can be used to “increase security” for everything from A to Z, but none of them is 100% effective or covers all attack vectors. It’s of paramount importance to understand how you can be attacked so that proper remediation can be implemented and provide real protection.


Our Blog

SHA2 Hash Generator

I recently wrote a Windows .NET application that generates SHA1/2 hashes for a given input. It has SHA1, SHA256, SHA384, and SHA512 support as well as PBKDF2 support (1-100,000 rounds).


Socket.IO tutorial – Find All Users In A Room

How To Find All Users In A Socket.IO Room

Socket.IO version 1.0+ is a complete rewrite of the popular JavaScript library for “real-time bidirectional event-based communication”. This means that a whole lot of your pre-1.0 code will simply not work; it...

How To Check (And Fix) Your Website’s SSL Security

Is Your Website’s SSL Vulnerable?

In this tutorial, I’ll walk through how to check your website’s HTTPS SSL certificate for common vulnerabilities and I’ll also provide some steps to easily mitigate common issues.

Check Your SSL...

The FIDO Alliance’s “Second Factor Experience” In A Nutshell

The FIDO Alliance is a conglomerate of top technology corporations (Microsoft, Google, Oberthur, NXP, PayPal, etc.) aiming to create standardized enhanced authentication with specific goals of “Passwordless Authentication” (UAF) and “Second Factor Authentication” (U2F). Essentially, they want to define a framework for how companies provide secure access to their web resources as well as how users prove their identity to the companies. Here’s my take on the effort.

