Prior to implementing a new application, its securiy must be thoroughly planned out. This process includes selecting the appropriate security technologies, standards, and suitable implementations. The specific decision must be carefully considered as this will affect the entire development process and deployment of the application.

A customized expertise will help you select the technologies and standards that are best suited to your application, which will eliminate time-consuming and costly adjustments in the future.

Choosing the appropriate security technology is often not a trivial matter. Standards are continuously improved and technologies are constantly expanded, making it difficult for you to keep track of all available options.

This can be seen in the example of Single Sign-On procedures: The standards SAML, OAuth, and OpenID Connect are all widespread and used in many applications. Each of the standards offers different flows and numerous extensions for special use cases. Therefore, after the decision for one of the standards has been made, additional may questions arise:

  • Which flows can I use in my scenario?
  • How can I ensure that the technology is used in a secure way for my specific use?
  • Are advanced security mechanisms such as PKCE or proof-of-possession tokens relevant to me?

Hackmanit employees have state-of-the-art knowledge due to their research background, offering you opportunity to commission expertise on various IT security topics. We would be pleased to advise you on the design and implementation of various web services solutions (SOAP and REST), Single Sign-On procedures (SAML, OAuth and OpenID Connect), Information Rights Management (Microsoft RMS, Azure Rights Management and Oracle IRM), cryptographic procedures (selection of appropriate cipher suites and extensions for TLS), or web applications.

The following documents provide an example of our public expertise.

In collaboration with Rhode and Schwarz Cybersecurity and the Federal Office for Information Security (BSI).

  • Secure implementation of a general crypto library (German, PDF)
  • Source code-based investigation of cryptographically relevant aspects of the OpenSSL library, Federal Office for Information Security (German, PDF)