Prior to implementing a new application, you must thoroughly plan its security. This process includes selecting the appropriate security technologies, and standards, as well as suitable implementations. The specific decision must be carefully considered because it affects the entire development process and deployment of the application.
A customized expertise will help you select the technologies and standards that are best suited to your application, eliminating time-consuming and costly future adjustments.
You want to ensure that the design of your planned application is secure?
The choice of the appropriate security technology is often not trivial. Standards are continuously improved and technologies are constantly expanded, making it difficult to keep track of all available options.
This can be seen in the example of Single Sign-On procedures: The standards SAML, OAuth and OpenID Connect are all widespread and used in many applications. Each of the standards offers different flows and numerous extensions for special use cases. Therefore, after the decision for one of the standards has been made, further questions arise:
- Which flows can I use in my scenario?
- How can I ensure that the technology is used in a secure way for my specific use?
- Are advanced security mechanisms such as PKCE or proof-of-possession tokens relevant to me?
With their research background, Hackmanit employees have state-of-the-art knowledge and offer you the opportunity to commission expertise on various IT security topics. We will be pleased to advise you on the design and implementation of various web services solutions (SOAP and REST), Single Sign-On procedures (SAML, OAuth and OpenID Connect), Information Rights Management (Microsoft RMS, Azure Rights Management and Oracle IRM), cryptographic procedures (selection of appropriate cipher suites and extensions for TLS) or web applications.
In the following an excerpt of public expertise is given.
Public Expertise (2)
In collaboration with Rhode and Schwarz Cybersecurity and the Federal Office for Information Security (BSI).