Security Review, Penetration Testing

Situation

Your software project is at the stage where you would like some verification that it is going to be able to resist attacks from your likely attackers.

You have deployed your project to the Cloud and need some confirmation that the infrastructure is configured correctly so that your attackers cannot compromise your customers.

Docker containers can be a godsend for creating micro-service architectures, but often Docker environments are insecure by default.

Your Software Engineers are building networks by way of infrastructure as code (IaC). These networks need security review and sometimes penetration testing.

We can do better

Would you like peace of mind that your software project is going to be able to withstand the likely attacks from your adversaries?

Achieving and maintaining a level of security with your cloud configuration, security rules and settings can be a daunting task. Would you like to be able to relax and be confident that this is taken care of?

Securing your micro-service and Docker environments is not for the faint-hearted; this is an area that Kim has a wealth of experience in. You too can have the assurance that your micro-service and Docker environments are well secured.

With the knowledge and experience that we have with cloud environments and tools such as Terraform, Ansible, etc., you can rest assured that the networks your Engineers are creating are configured correctly, and will resist the attempts of your attackers.

How we can help

Although we advocate bringing the security focus up front, where it is cheapest to implement, some organisations need time to get to that point. We would like to help you get there, but in the interim we can help you with reviewing, testing and establishing a solid security posture across your products.

Kim can review and penetration test your products, and provide a custom report outlining the defects and effective mitigations. Kim can also apply the mitigations or, if you prefer, work with your development team(s) to help them understand the issues and how to apply the mitigations themselves.

We can traverse the minefield of your cloud environment for you: locate and document any security issues, then work with your Engineers to rectify them, or apply the necessary remedies for you and your teams.

Kim is able to review, test, evaluate costs and trade-offs, document, and inform you of areas that could be improved, and then go ahead and apply the necessary improvements, or simply coach your development teams on how to apply the security mitigations and improvements, so that this becomes second nature for your Engineers.

Network security is an area that Kim has been actively engaged in designing, building and breaking for many years. Let Kim apply his knowledge and experience to your project.


Let us review, test, and provide the peace of mind that your products will withstand the attacks from your adversaries…



Reserve Your Consultation

Currently we have availability for select new clients.


Reserve Your Confidential Consultation


Due to the sensitive nature of these engagements, they are not usually added to our portfolio, but you can see…

What our customers are saying

Stefan Streichsbier

Numisec Pte. Ltd

I met Kim at DevSecCon Singapore in 2017 where he gave a well-received workshop. A few months later we had a project where his top-notch strong Node.js security code review skills were required and this gave us the chance to work together closely.

Over a 2-week period he was doing security code reviews of containerized Node.js microservices in a very thorough way. We communicated well and progressed quickly. Kim has a very broad yet deep understanding of modern application security that comes from years of experience. I can recommend Kim to anyone who needs an application security expert and wants a professional second opinion on the security posture of an application.


Kim has spent significant effort in researching Docker security, how to determine insecure environments, configurations, how to provide countermeasures, and has written on the topic extensively. Kim has also liaised with and interviewed the Docker Security Team Lead, and is well equipped to address and rectify any security issues you may have with Docker environments.

BinaryMist project leveraging Docker and Terraform to create free and secure networking components:

AWS Docker Host

Kim has also detailed some of his network knowledge in the Network chapter of his second book, along with an interview with network security guru Haroon Meer.

Because Kim has spent many years in development and engineering, as well as performing security reviews and penetration tests, he has a unique and holistic view of what is required from both sides (defence and attack), so he is able to provide effective and realistic simulations of real-world attackers and, at the same time, coach developers on what to look for.


Due to the nature of this type of work, we can only take on one new client per month.

