Close security gaps, minimize business risks - Our customers receive targeted IT security consulting for strong IT systems.
Dr. Christian Mainka | CTO, Department Single Sign-On | Hackmanit
Effective. Flexible. Time-saving.
The First-Class Solution for Your
IT Security in Everyday Project Routine.
Stay up to date with us in the rapidly changing areas of web security and cryptography.
The world of information technology (IT) is constantly producing new innovations, standards, and implementations that expand the market. This continuous progress goes hand in hand with increasingly demanding IT security requirements. To effectively defend against potential attacks by hackers and cyber criminals, it is crucial to fulfill these high requirements quickly. Protecting your business is our top priority, giving you peace of mind to pursue your business goals and optimize your performance.
Our on demand consulting service has been specially developed to answer your individual IT security questions in day-to-day business quickly. Benefit from focused advice and customized solutions that are developed precisely for your IT infrastructure and applications.
From medium-sized companies to large corporations and public sector clients, we can efficiently support you in all IT security matters. Save yourself and your team valuable time and rely on the expertise of our IT security experts.
Our IT security experts are at your side. Contact us.
Discover the benefits of our on demand consulting!
In a non-binding consultation, we will show you customized options to support your team.
Email – Prof. Dr. Juraj Somorovsky
On Demand IT Security Consulting
Uncomplicated. Specialized. Focused – Find out how you can benefit from our IT security consulting and what a cooperation with Hackmanit actually looks like.
What you can expect and what our customized consulting service includes
Our consulting model is a service available at any time via email or (video) calls that specializes in supporting companies with their day-to-day IT security issues. Whether you have urgent security questions, need professional confirmation for decisions, or require relevant information on standards and technologies, our team of experts is at your side. We provide analyses or short studies to help address your needs. Our team is available to assist you with a wide range of topics, from security concerns to technology standards.
Book the right consulting contingent for your company and your projects. Your team can use it flexibly over the course of a year and scale it at any time. Our experts reserve the required consulting capacity for your demands, so they can help you out if needed.
Flexibility, Predictability and Cost Transparency
Our services are billed in 15 minute intervals; that way you have maximum flexibility with our on demand IT security consulting. From short security-specific questions via email to detailed solution approaches in meetings. Utilize your consulting resources variably and efficiently, according to your needs. Optimize your cyber security investments by only paying for the advice and services you actually use. Our experts will also be happy to provide you with an assessment in advance.
Our Consulting Options
As a service partner, we advise you in various ways and with expertise from a wide range of specialized fields and areas of IT security. Simply book your desired consulting contingent, which you can use flexibly and individually over the course of a year. Our options for you ...
On Demand IT Security Consulting // Option 01
5 consulting days – 2 days minimum
Our initial offer for getting started with our consulting services.
On Demand IT Security Consulting // Option 02
10 consulting days – 3 days minimum
Recommended for medium-sized companies with various interlocking IT security areas and applications.
On Demand IT Security Consulting // Option 03
20 consulting days – 5 days minimum
Recommended for large companies and groups with several departments and applications, where knowledge is required in several specialized areas and in-depth solutions, measures and strategies are needed on a larger scale at the same time.
Workflow and Cooperation
-
// Consultancy on established and recent standards
// Best practices for your applications and projects
// Specific recommendations for action to protect your systems and applications
// Necessary measures against the greatest risks, e.g., OWASP Top 10
// Various regulations: DORA, PSD2, BSI requirements, etc.
-
// Single sign-on – SAML, OpenID Connect, OAuth 2.1, FAPI, Keycloak
// Web services solutions – SOAP APIs or REST APIs
// Web application implementation – content security policy, protection against XSS, UI redressing
// Cryptographic protocols and standards – TLS, SSH, VPN, AES, RSA
// Data formats – JSON, XML, X.509, ASN.1
// Document formats – PDF, ODF, OOXML
// Information rights management – Microsoft RMS, Azure Rights Management, Oracle IRM
Examples of questions and topics for our on demand IT security experts:
Single Sign-On
> How can the differences between OAuth and OIDC be summarized? Which protocol do we need in our scenario?
> Our clients are allowed to request certain scopes. What effects would it have if we no longer validate the scopes at the IdP? What dangers/risks would arise here?
> What security recommendations are there for the configuration of OIDC/OAuth flows with Keycloak?
Web Security
> We have heard about JSON hijacking. Is JSON hijacking still a problem? If so, what countermeasures should we take?
> Our API server uses an outdated XML library that is vulnerable to specific XML attacks. In our firewall, we only enforce JSON, with a JSON media type. But what happens if XML is transmitted in the payload? After all, will our API server try to parse XML? Are we safe?
> Do you have a standard guideline for "developing secure web applications" that we can adapt?
Cryptography
> Can we use mutual TLS for our internal APIs? What are the security benefits of mutual TLS, and what are the implications for our employees?
> Should we use RSA certificates or ECDSA certificates in our TLS server configuration? What are the advantages and disadvantages of these algorithms?
> We evaluated our servers with testssl and TLS-Scanner. The tools reported that we are vulnerable to SWEET32 and Lucky13. What impact do these attacks have and are they relevant to us? How can we improve our configuration?
Optimize the Efficiency and Security of Your Systems.
Rely on Our Expertise.
// Consulting (Full Service) – The all-round consultancy for extensive projects >>
// Penetration Tests – Overview and workflow >>
// IT Security Training – Our complete portfolio of training courses >>
// Threat Analyses – Optimized protection right from the start >>
Frequently Asked Questions and Answers - On Demand IT Security Consulting
-
There are several standards and documents with recommendations that provide relevant information on specific areas (e.g., technical guidelines from the BSI or OWASP cheat sheets). However, these are often difficult to understand or not directly applicable to your IT landscape. Our task is to understand them and adapt them to your needs.
-
The core areas of responsibility include security assessment of the technologies used, identification of vulnerabilities and risks, and recommendation of state-of-the-art IT security best practices. We also provide support with the implementation of security solutions and the configuration of your infrastructure.
-
Our consulting contract gives you access to specialized knowledge and experience that is often difficult to replicate internally. Hackmanit is able to quickly identify current and potential security risks and develop effective strategies to address them, minimizing the risk of data breaches and cyber-attacks. In addition, such a contract provides a flexible and cost-effective solution for strengthening IT security.
-
Our services are billed in 15 minute intervals, which gives you the flexibility to ask short, security-specific questions.
Your Contact for Your On Demand IT Security Consulting
Prof. Dr. Juraj Somorovsky
juraj.somorovsky@hackmanit.de
Maximize Your Security Level
With Our IT Security Experts.
Web security and cryptography are evolving rapidly.
This makes it more important than ever for companies to keep pace with the latest developments in cyber security. This is how you specifically ensure that your networks and sensitive data are optimally protected – Hackmanit is here to support companies in a versatile way with specialized know-how.
For our comprehensive IT security consulting, our top teams use, among other things, their direct proximity to security research. Through close contact with researchers and experts in the IT industry, Hackmanit always remains at the cutting edge of technology. This enables us to protect companies from new threats with state-of-the-art security solutions.
Our customers benefit from this special expertise, as we can offer them comprehensive analyses and tailored solutions that are maximally adapted to the current threats. We provide you with the best possible advice so that you can ideally protect your systems against attacks from hackers or cyber criminals.
In addition, we offer our customers a wide range of IT security training and customized penetration tests. This ensures that your IT security is maintained at the highest possible level.
// Latest publications of our IT experts >>
// Hackmanit is Organizer of – RuhrSec: The IT Security Conference in Bochum >>
Our IT security experts are at your side. Contact us.
Find out which IT security your company specifically needs.
Write us an e-mail and arrange a non-binding consultation.
E-Mail – Prof. Dr. Juraj Somorovsky
IT Security Consulting and Solutions –
Our Specialties
Cryptography
When it comes to cryptography, you need a partner who knows the Transport Layer Security (TLS) protocol inside out. Hackmanit offers consulting services that support the configuration and implementation of cryptographic algorithms to securely encrypt the transmission of sensitive data. Our IT security team is ready to assist you directly in all areas of cryptography, such as data encryption, data integrity, or cryptographic protocols.
Web Security
Your data is your business, and protecting it should be a priority.
That's why our web security consulting includes compliance with the OWASP Top 10 security standards, finding cross-site scripting (XSS) vulnerabilities, preventing SQL injection attacks, and configuring and implementing a secure content security policy. With these necessary measures, you can ensure the integrity and confidentiality of your data, preventing attacks against your websites.
Single Sign-On
Unified authentication for multiple applications increases usability while improving security. The technology you need for this purpose is Single Sign-On. We support you from the configuration to the secure implementation of OAuth, OpenID Connect, and SAML, for example using Keycloak. Our IT security experts also review API security requirements and optimize them based on the OWASP API Top 10.
IT Security Consulting Packages –
Our IT Security Services
From planning to implementation to live operation - Hackmanit is at your side every step of the way to protect your systems.
Let our IT security experts advise you individually and find the right solutions, technologies and security measures with us. Contact us by e-mail for a non-binding consultation. Your contact person is Prof. Dr. Juraj Somorovsky – juraj.somorovsky@hackmanit.de.
Individually, in combination or as a full service, book our IT security packages according to your needs.
Package 01 // Analysis
Threat analysis and selection of security measures
Package 02 // Implementation
Customized recommendations for implementation of resilient and robust systems
Package 03 // Production
Coaching for compliance and adaptation to fast-moving IT security requirements.
Package 01 // Analysis
In this first step of our IT security consulting, we analyze the current status of your project according to current research, OWASP, and IETF criteria. We examine your IT systems to uncover potential weaknesses in your processes and identify risks. Based on these analyses, we prepare a detailed report with recommendations for action and security best practices on how to increase your security level.
Package 02 // Implementation
In this step, we support your development team in implementing the recommendations from the first step. You will receive tailored implementation recommendations for building resilient and robust systems. This enables you to mitigate potential threats before they become a real security risk for your company.
Package 03 // Production
After implementation, we support the production phase of your system to ensure that all measures are working properly. We provide coaching on how to comply with and adapt to fast-moving IT security requirements. In addition, we offer support to troubleshoot issues that arise during operation.
Penetration Test – The Secure Extra to Your Consulting Package
A penetration test is an essential part of IT security and contributes comprehensively to the improvement of your IT systems. With a penetration test, we gain insights into the system and the potential vulnerabilities, and help you fix them before they can be exploited by cybercriminals.
Our experienced team will test your system in the same way as an attacker would, to uncover vulnerabilities at any level. Based on the detected vulnerabilities, you will receive recommendations on how to implement proper countermeasures. We work closely with you to optimally improve your IT security.
// Learn everything about our penetration tests in detail >>
Frequently Asked Questions and Answers - IT Security in the Company
-
Hackmanit advises according to the industry standard OWASP Top 10, according to which the most common vulnerabilities include errors in the access control of APIs, errors in the use of cryptography, injection attacks, insecure software architectures, and misconfigurations. Our consulting services help to proactively avoid these errors.
-
Cryptography can, for example, be used to protect sensitive data from unauthorized access and tampering. By adhering to security best practices, the integrity of data can be guaranteed and confidentiality ensured, which increases cybersecurity and provides protection against cyber attacks.
-
Today, a comprehensive IT security strategy is essential to ensure that business processes run smoothly, data is protected, and corporate reputation and trust are maintained. Hackmanit can help you to assess the threat situation and implement a secure solution.
-
A penetration test is an additional building block for identifying and remediating vulnerabilities in deployed applications. IT security consulting can help determine penetration testing needs and requirements and decide if a penetration test is necessary.
-
Targeted training in cryptography, web security, and single sign-on can increase the expertise of your employees, making your business processes and applications better protected from cybercriminals.
Your Contact for Your IT Security Consulting
Prof. Dr. Juraj Somorovsky
juraj.somorovsky@hackmanit.de