Security Review, Penetration Testing

Situation

Your software project is at the stage where you would like some verification that it is going to be able to resist attacks from your likely attackers.

You have deployed your project to the Cloud and need some confirmation that the infrastructure is configured correctly so that your attackers can not compromise your customers.

Docker containers can be a god send for creating micro-service architectures, but often Docker environments are insecure by default.

Your Software Engineers are building networks by way of infrastructure as code (IaC). These networks need security review and sometimes penetration testing.

We can do better

Would you like peace of mind that your software project is going to be able to withstand the likely attacks from your adversaries?

Achieving and maintaining a level of security with your cloud configuration, security rules and settings can be a daunting task. Would you like to be able to relax and be confident that this is taken care of?

Securing your micro-service and Docker environments is not for the faint hearted, this is an area that Kim has a wealth of experience in. You too can share the same knowledge that your micro-service and Docker environments are well secured.

With the knowledge and experience that we have with cloud environments and tools such as Terraform, Ansible, etc, you can rest assured that the networks your Engineers are creating are configured correctly, and will resist the attempts of your attackers.

How we can help

Although we advocate bringing the security focus up front where it’s the cheapest to implement, we understand that this is a journey that takes time. Ultimately our aim is to help you get there, but in the interim, we can work with you by reviewing, testing and establishing a solid security stature across your market offerings.

We can review, penetration test, evaluate costs and trade-offs, provide a custom report outlining the defects and effective mitigations. Then work with your development team(s) to help them understand the issues and how to apply the mitigations themselves, thus aiding recognition of future defects as they’re introduced, saving large amounts of rework. We can also simply fix the defects for you if that’s your preference.

We can traverse the minefield of your cloud environment with you. Locate, document, and work with your Engineers helping them to rectify the security issues in your cloud deployments, or apply the necessary remedies for you and your teams.

Network security is an area that Kim has been actively engaged in designing, building and breaking for many years. We can work with you supplying valuable knowledge and experience to your project.


Let us review, test, and provide the peace of mind that your market offerings will withstand the attacks from your adversaries…



Reserve Your Consultation

Currently we have availability for select new clients.


Reserve Your Confidential Consultation


Due to the sensitive nature of these engagements, they are not usually added to our portfolio, but you can see…

What our customers are saying

Stefan Streichsbier

Numisec Pte. Ltd

I’ve met Kim at DevSecCon Singapore in 2017 where he gave a well-received workshop. A few months later we had a project where his top-notch strong Node.js security code review skills were required and this gave us the chance to work together closely.

Over a 2 week period he was doing security code reviews of containerized Node.js microservices in a very thorough way. We communicated well and progressed quickly. Kim has a very broad yet deep understanding of modern application security that comes from years of experience. I can recommend Kim to anyone who needs an application security expert and wants a professional second opinion on the security posture of an application.


Kim has spent significant effort in researching Docker security, how to determine insecure environments, configurations, how to provide countermeasures, and has written on the topic extensively. Kim has also liaised with and interviewed the Docker Security Team Lead, and is well equipped to address and rectify any security issues you may have with Docker environments.

BinaryMist project leveraging Docker and Terraform to create free and secure networking components:

AWS Docker Host

Kim has also detailed some of his network knowledge in the Network chapter of his second book, along with interview of network security guru Haroon Meer.

Because Kim has spent many years in development and engineering, as well as performing security reviews and penetration tests, he brings a unique and holistic view of what is required from both sides (defence and attack), being able to work with your team(s) to provide effective and realistic simulations of real-world attacks, at the same time, coaching your developers what to look for.



Reserve Your Consultation

Currently we have availability for select new clients.


Reserve Your Confidential Consultation


Due to the nature of this type of work, we can only take on one new client per month.