Information security is a mission-critical issue for businesses of all sizes today.
Company management, clients, investors all demand guaranty that their proprietary
information is protected. Dev-Fx offers you professional security consulting services
committed to effectively protect your software from existing security threats.
Delivery of secure software solution is our business.
Once we start a new software system development, security requirements are always
taken into account by Dev-Fx engineers as a key priority.
Our experts address software security measures proactively right from the project
inception, when we design software architecture for your future solution. This is
how we ensure that every solution delivered by Dev-Fx is secure.
We have established a reputation of providing top notch security
consultancy to large enterprises and small companies. Our security
engineers have leading edge experience in helping customers to detect and fix security
holes at all layers: Application, System and Network layers.
We have knowledge and use the most effective tools, products and technologies to
provide proactive implementation of security measures to all known security threats.
Products and Technologies
Our security protection toolkit includes the following products, techniques and
technologies that have proved themselves over the long time:
- IBM Tivoli Access Manager
- IBM WebSphere WS-Security Support
- IBM Directory Server
- Microsoft Directory Server
- BouncyCaslte.org library
We Address the Threats
- Spoofing identity
- Tampering with data
- Information disclosure
- Denial of service
- Elevation of privileges
Our software developers follow a number of principles
and approaches that completely protect applications against the described threats.
We encrypt all private information such as passwords, credit card numbers or other
sensitive information when your application communicates data with a remote client.
We implement authentication using passwords or digital client certificates. Authentication
allows our customers to confirm the user's identity. This information can be used
to keep tracking of all users activities in a system should customers need that.
We use digital signatures to make sure the information was not changed after it
had been released. Any information such as files, documents, communication artifacts
and other data can be signed with digital signatures.
We check whether a user who was identified in authentication process has sufficient
privileges to perform an asked action or access the requested information. It is
a crucial concept for any application aimed at supporting multiple user roles.
Keeping an audit trail
We are keeping an audit trail for any application that stores private data or provides
services. Every action performed by a user - from visiting a Web page up to accessing
a specific software area - can be recorded and reflected in audit records inside
Modular design for application
We design solutions in modular mode to offer customer additional security protection.
Properly designed modules always share minimum data and do not allow other modules
to intervene in their work. If attackers by any chance get control over a certain
module, they will still unable to damage any other parts of the same application.
Should our customer need so, we always offer input validation functionality in our
systems. No system user can submit a code or a database command that will be able
to break its pages, or - which is much more critical - corrupt or erase the stored
Limiting allocated resources
To prevent your system from the problems such as DOS attacks, we will design your
system in a way that all the expensive activities are not available for public use.
If such DOS attack ever happens, attackers will not be able to make your application
highly busy and delay critical processes.
The principle of least authority
According to this principle, we design the system that grants to any application
user as minimum privileges and permissions as they need to play their business role
and perform the required actions.