Our Services

Professional Consulting and Security Services

Application Security Consulting

Expert consulting services for modern application security challenges, including identity management, authentication, and authorization solutions.

Our Expertise Includes

  • Web application security: Comprehensive security solutions for web applications
  • Application security best practices: Implementing industry-standard security practices in your applications
  • OpenID Connect and OAuth: Modern authentication and authorization protocol implementations
  • High security using OAuth DPoP, FAPI 2.0, CIBA: Advanced security standards for financial-grade APIs and enhanced authentication
  • SAST: Static Application Security Testing to identify vulnerabilities in source code
  • SonarQube: Code quality and security analysis integration
  • Swiss E-ID Integration (swiyu): Implementation and integration of Swiss electronic identity solutions
  • IAM (Identity and Access Management): Comprehensive identity management solutions for enterprises
  • MFA, Passkeys, easyauth.ch: Multi-factor authentication and modern passwordless authentication methods
  • Identity Provider Consulting:
    • Duende IdentityServer
    • Entra ID (Microsoft Azure AD)
    • Auth0
    • OpenIddict
    • Entra External ID
    • Azure AD B2C
    • Keycloak

Security Assessment

Applications and Solution Security Assessment

  • Risk analysis of your applications, solution, environment and current development projects
  • Security architecture assessment
  • Review the authentication flows
  • Authorization assessment of solution
  • DevSecOps assessment including SBOM, licenses, team setup, environment security, deployment security
  • Session security review
  • Data security analysis

Security Coaching and Best Practices

  • Coaching your developers in implementing the latest security architecture and technology
  • Recommendations for improvements

Prerequisites

  • Assessment requires read-only access to the code
  • Requires read-only access to deployment environments
  • Requires read-only access to the DevOps system
  • Requires access to the app for testing

Reporting / Deliverables

  • Recommendations for improving application security
  • Initial security context model
  • Review meeting to explain the findings

Entra ID Consulting

Specialized consulting for Microsoft Entra ID implementations and integrations.

We help organizations leverage Entra ID's capabilities for secure identity and access management, including:

  • Entra ID implementation and configuration
  • Single Sign-On (SSO) setup
  • Conditional Access policies
  • Application integration
  • B2B and B2C scenarios
  • Identity governance and compliance

Application Security Workshop

Comprehensive hands-on security training workshops designed to help development teams build secure applications from the ground up.

Our workshops cover modern security practices, secure coding techniques, and practical implementation strategies. Perfect for teams looking to enhance their security knowledge and skills.

Identity and access architecture consulting

Specialized consulting for identity and access management architecture, helping organizations design and implement secure, scalable identity solutions.

Our Expertise Includes

  • Integration and federation architecture
  • Integrating AGOV and other IDPs
  • Integrating swiyu, Swiss E-ID
  • Authentication protocols
  • Level of identity architecture
  • Level of authentication architecture
  • Standards and best practices
  • Architecture consulting for on-premises, cloud, or both

DevSecOps, Azure DevOps and GitHub Security

We can help you mitigate possible attack vectors in the development process by implementing best practices in Azure DevOps and/or GitHub. The main focus is to protect your company's and team's source code, artifacts, and pipelines, and to comply with regulations. We are experts in this area and continue to evolve. As part of the ISO 27001 certification, we continuously improve in that area to be able to do state-of-the-art DevSecOps in our large individual development team.

Our Offer Includes

  • DevSecOps security consulting tailored to your needs
  • Implementation of secure Azure DevOps Pipelines and GitHub Actions workflows
  • Automated infrastructure deployments using secure Infrastructure as Code (IaC)
  • Professional key and certificate management
  • Seamless integration of static security testing with SonarCloud into the development process
  • DevSecOps training

Team

Marc Rufer

Marc Rufer is a skilled software engineer and security expert who brings extensive experience in application security, DevSecOps, and modern development practices.

Damien Bowden

Damien Bowden is a Microsoft MVP and experienced software developer specializing in ASP.NET Core, security implementations, and identity management solutions.

Together, we combine our expertise to deliver comprehensive security and development consulting services tailored to your organization's needs.

Ready to Get Started?

Contact us to discuss how we can help secure your applications and development processes.

All professional work and contracts through www.isolutions.ch