Before a new application is implemented, its security must be planned thoroughly. This includes selecting the appropriate security technologies, standards, and suitable implementations. These decisions must be weighed carefully, as they affect the entire development process and lifecycle of the application.

A customized threat analysis helps you select the technologies and standards best suited to your application, which avoids time-consuming and costly adjustments later on.

Choosing the appropriate security technology is often not a trivial matter. Standards are continuously improved and technologies are constantly expanded, making it difficult for you to keep track of all available options.

Single Sign-On procedures illustrate this: the standards SAML, OAuth, and OpenID Connect are all widespread and used in many applications. Each standard offers different protocol flows and numerous extensions for special use cases. Therefore, even after one of the standards has been chosen, further questions arise:

  • Which protocol flows can I use in my scenario?
  • How can I ensure that the technology is used in a secure way for my specific use?
  • Are advanced security mechanisms such as PKCE or proof-of-possession tokens relevant to me?

Hackmanit employees have state-of-the-art knowledge thanks to their research background, and you can commission a threat analysis on numerous IT security topics. We would be pleased to advise you on the design and implementation of web service solutions (SOAP and REST), Single Sign-On procedures (SAML, OAuth, and OpenID Connect), Information Rights Management (Microsoft RMS, Azure Rights Management, and Oracle IRM), cryptographic procedures (selection of appropriate cipher suites and extensions for TLS), or web applications.

The following documents are examples of our publicly available threat analyses and expert reports.

The following expert reports were published in collaboration with Rohde & Schwarz Cybersecurity and the Federal Office for Information Security (BSI):

  • Secure implementation of a general crypto library (German, PDF)
  • Source code-based investigation of cryptographically relevant aspects of the OpenSSL library, Federal Office for Information Security (German, PDF)

Are you unsure whether a threat analysis is the right approach for you? We would be pleased to discuss individual options for evaluating the security of your planned application in a non-binding meeting.

Your Contact for Threat Analysis

Prof. Dr. Juraj Somorovsky
+49 (0)234 / 54452661