Which code security scanners are suitable? What are SAST, DAST and IAST? How is security integrated into modern DevOps and cloud environments? How can security be embedded into Scrum processes and how can we avoid slow security processes that interfere with our CI/CD pipeline? We help you to secure your software development, operation and deployment processes.
No matter how technologically well-protected you are against attacks, technology is just one aspect of a company’s overall security strategy. How employees act when security problems occur and how the flow of information is structured in an emergency are just as important. How is your risk management structured? What processes are in place in the event of a cyber attack? What are the most important assets, and how compliant are you? We help you meet the requirements of ISO 27001 and the European General Data Protection Regulation (GDPR).
Your company can only be secure if you have appropriately trained staff. We offer hands-on training courses tailored to developers and architects. Our training will enable them to detect current risks in the software landscape, develop solution strategies, become familiar with hackers’ techniques and evaluate security incidents more accurately. We can also help you to set up your own in-house training program to embed security knowledge in your company on a permanent basis.
7 major risks for your CI/CD pipeline
When securing your CI/CD pipeline, it is not only about producing a secure product – it is also about securing the pipeline itself. Here are 7 major risks for your CI/CD pipeline and a few ideas on how to threat model...
The crazy world of building application security programs @ Elbsides
Having had the opportunity to present a talk at Elbsides in Hamburg in 2019, we did exactly that :) Elbsides 2019 was the start of a new security conference in Hamburg in the spirit of the BSides security conferences. Here...
Building modern SSDLCs - Securing Software at Scale
In recent years, security was mostly focused on infrastructure protection, but application security has slowly grown in relevance and will likely continue to do so. Applications play a growing role for businesses and application-specific security programs are often...