Your Website Is Insecure
80% of all websites online today have at least 1 serious vulnerability allowing an attacker to completely compromise the website and the underlying platform. Don’t let your business become a victim.
Single Point of Contact
Your business deserves the best, but the best is not always immediately obvious in the world of information security. There are thousands of different security suites, apps, tests, and plug-ins available, and it is difficult not only to understand how to configure and maintain them, but also to understand how much security coverage you’re really getting from them. We provide a single Point of Contact for all of your security needs, whether it be security consulting for your next-gen Node.js API service, co-developing a hybrid mobile app, or providing a baseline audit of your existing WordPress or Kentico website. No need to try out dozens of frameworks and services; we can provide a short list of appropriate, relevant solutions and even implement the selected solution and run a comprehensive post-production security report for your review.
Cloud Automation & Strategy
Deciding to move to the cloud is one of the most important steps many businesses make and also one of the most difficult to execute. Public or private cloud? Managed or DIY? Open source or proprietary? To containerize or not to containerize? These are common questions that every business technical leader will ask themselves when starting down the journey towards the cloud. We have answers.
We have experience with OpenStack (Red Hat and Canonical), AWS, Azure, and more, both at the IT administrator level and at the developer and integration level. There’s nothing more daunting than trying to move production services to a new environment and manage costs at the same time. We understand the pros and cons of major cloud providers, how to automate and orchestrate application workloads and virtual infrastructure, and we have the valuable experience needed to help your business avoid common cloud migration pitfalls.
How do you log into your website or service? Username & password? Is it at least a very strong username & password?! – Don’t lie! Statistics are against you here.
Modern security requires a modern way of logging in. Unfortunately, administrators and end-users are slow to break out of the horribly insecure practice of using (relatively) simple usernames and passwords to access critical systems. There are many great solutions on the market that address this exact issue and we’ve worked with a lot of them – in fact, secure authentication is our specialty. Your website could have the strongest SSL / TLS and the most reviewed and tested code, but at the end of the day if your authentication scheme is weak, your entire system becomes inherently weak.
We can audit your current authentication system and, after also reviewing the level of data security needed, provide solutions ranging from Two-Factor Authentication products / services to seamless, controllable API authentication methods such as OAuth or SAML.
No one likes being vendor-locked due to incomprehensible code. We’re darn proud of the software and websites we make and we write all of our code expecting others to be updating and reviewing it later.
We focus on 4 core programming values:
- Cleanliness – Code should be easy to understand and have obvious context at all times.
- Preparedness – Never underestimate users; code for the worst.
- Exposure – All code is production-ready and continuously reviewed.
- Scalable – Code must be elastic and be able to easily grow with the business.
The starting point of any security consultation is a baseline security audit. This is where we can find out how your website or service is built, where its weaknesses and strengths are, and how to begin forging a strategy to improve your overall information security.
Identifying potential security issues is one of the most important steps your business can take to minimize risk. If you don’t know where and how you can be attacked, you stand little chance of actually enhancing security in any meaningful way. There are plenty of tools and frameworks that can be used to “increase security” of A-Z, but none of them is 100% effective or covers all attack vectors. It’s of paramount importance to understand how you can be attacked so that proper remediation can be implemented and provide real protection.
Recently, I needed to build a project for OpenStack that required that I not know the end-user's authentication method. I had used the clouds.yaml (cloud configuration file) approach before, so I thought I'd give it a go and test it out with a few...
If you're using SAML 2.0 Enhanced Client or Proxy (ECP) with OpenStack Keystone, it may not be obvious how to use the mainstream OpenStack client to authenticate. The example RC file below will hopefully shed some light on how to get started....
When you create a managed WordPress instance with GoDaddy, they gift you a few “system plugins” that can’t be easily removed. So, let’s remove them!
Robinhood UI project: I've published a new GitHub project that demonstrates how to build applications and services against the unpublished Robinhood Finance API. Unfortunately, Robinhood doesn't make their API information publicly available (you have to request it and...