Effective. Flexible. Time-saving.
The First-Class Solution for Your
IT Security in Everyday Project Routine.
Stay up to date with us in the rapidly changing areas of web security and cryptography.
The world of information technology (IT) is constantly producing new innovations, standards, and implementations that expand the market. This continuous progress goes hand in hand with increasingly demanding IT security requirements. To effectively defend against attacks by hackers and cyber criminals, it is crucial to meet these high requirements quickly. Protecting your business is our top priority, giving you peace of mind to pursue your business goals and optimize your performance.
Our on demand consulting service has been specially developed to answer your individual IT security questions in day-to-day business quickly. Benefit from focused advice and customized solutions that are developed precisely for your IT infrastructure and applications.
From medium-sized companies to large corporations and public sector clients, we can efficiently support you in all IT security matters. Save yourself and your team valuable time and rely on the expertise of our IT security experts.
Our IT security experts are at your side. Contact us.
Discover the benefits of our on demand consulting!
In a non-binding consultation, we will show you customized options to support your team.
Email – Prof. Dr. Juraj Somorovsky
On Demand IT Security Consulting
Uncomplicated. Specialized. Focussed – Find out how you can benefit from our IT security consulting and what cooperation with Hackmanit actually looks like.
What you can expect and what our customized consulting service includes
Our consulting model is a service available at any time via email or (video) calls that specializes in supporting companies with their day-to-day IT security issues. Whether you have urgent security questions, need professional confirmation for decisions, or require relevant information on standards and technologies, our team of experts is at your side. We provide analyses or short studies to help address your needs. Our team is available to assist you with a wide range of topics, from security concerns to technology standards.
Book the right consulting contingent for your company and your projects. Your team can use it flexibly over the course of a year and scale it at any time. Our experts reserve the required consulting capacity for your demands, so they can help you out if needed.
Flexibility, Predictability and Cost Transparency
Our services are billed in 15-minute intervals, which gives you maximum flexibility with our on demand IT security consulting, from short security-specific questions via email to detailed solution approaches in meetings. Utilize your consulting resources variably and efficiently, according to your needs. Optimize your cyber security investments by only paying for the advice and services you actually use. Our experts will also be happy to provide you with an assessment in advance.
Our Consulting Options
As a service partner, we advise you in various ways and with expertise from a wide range of specialized fields and areas of IT security. Simply book your desired consulting contingent, which you can use flexibly and individually over the course of a year. Our options for you ...
On Demand IT Security Consulting // Option 01
5 consulting days – 2 days minimum
Our initial offer for getting started with our consulting services.
On Demand IT Security Consulting // Option 02
10 consulting days – 3 days minimum
Recommended for medium-sized companies with various interlocking IT security areas and applications.
On Demand IT Security Consulting // Option 03
20 consulting days – 5 days minimum
Recommended for large companies and groups with several departments and applications in the company. Suitable when knowledge is required in several specialized areas and in-depth solutions, measures and strategies are needed on a larger scale at the same time.
Workflow and Cooperation
-
// Consultancy on established and recent standards
// Best practices for your applications and projects
// Specific recommendations for action to protect your systems and applications
// Necessary measures against the greatest risks, e.g., OWASP Top 10
// Various regulations: DORA, PSD2, BSI requirements, etc.
-
// Single sign-on – SAML, OpenID Connect, OAuth 2.1, FAPI, Keycloak
// Web services solutions – SOAP APIs or REST APIs
// Web application implementation – content security policy, protection against XSS, UI redressing
// Cryptographic protocols and standards – TLS, SSH, VPN, AES, RSA
// Data formats – JSON, XML, X.509, ASN.1
// Document formats – PDF, ODF, OOXML
// Information rights management – Microsoft RMS, Azure Rights Management, Oracle IRM
Examples of questions and topics for our on demand IT security experts:
Single Sign-On
> How can the differences between OAuth and OIDC be summarized? Which protocol do we need in our scenario?
> Our clients are allowed to request certain scopes. What effects would it have if we no longer validate the scopes at the IdP? What dangers/risks would arise here?
> What security recommendations are there for the configuration of OIDC/OAuth flows with Keycloak?
Web Security
> We have heard about JSON hijacking. Is JSON hijacking still a problem? If so, what countermeasures should we take?
> Our API server uses an outdated XML library that is vulnerable to specific XML attacks. In our firewall, we only enforce JSON, with a JSON media type. But what happens if XML is transmitted in the payload? After all, will our API server try to parse XML? Are we safe?
> Do you have a standard guideline for "developing secure web applications" that we can adapt?
Cryptography
> Can we use mutual TLS for our internal APIs? What are the security benefits of mutual TLS, and what are the implications for our employees?
> Should we use RSA certificates or ECDSA certificates in our TLS server configuration? What are the advantages and disadvantages of these algorithms?
> We evaluated our servers with testssl and TLS-Scanner. The tools reported that we are vulnerable to SWEET32 and Lucky13. What impact do these attacks have and are they relevant to us? How can we improve our configuration?
Optimize the Efficiency and Security of Your Systems.
Rely on Our Expertise.
// Consulting (Full Service) – The all-round consultancy for extensive projects
// Penetration Tests – Overview and workflow
// IT Security Training – Our complete portfolio of training courses
// Threat Analyses – Optimized protection right from the start
Frequently Asked Questions and Answers - On Demand IT Security Consulting
-
There are several standards and documents with recommendations that provide relevant information on specific areas (e.g., technical guidelines from the BSI or OWASP cheat sheets). However, these are often difficult to understand or not directly applicable to your IT landscape. Our task is to understand them and adapt them to your needs.
-
The core areas of responsibility include security assessment of the technologies used, identification of vulnerabilities and risks, and recommendation of state-of-the-art IT security best practices. We also provide support with the implementation of security solutions and the configuration of your infrastructure.
-
Our consulting contract gives you access to specialized knowledge and experience that is often difficult to replicate internally. Hackmanit is able to quickly identify current and potential security risks and develop effective strategies to address them, minimizing the risk of data breaches and cyber-attacks. In addition, such a contract provides a flexible and cost-effective solution for strengthening IT security.
-
Our services are billed in 15-minute intervals, which gives you the flexibility to ask short, security-specific questions.
Your Contact for Your On Demand IT Security Consulting
Prof. Dr. Juraj Somorovsky
juraj.somorovsky@hackmanit.de