Services - Security

  1. Home
  2. Services
  3. Services - Security

Security in Our Applications

Security is built into our development lifecycle from design to deployment. We combine secure coding practices, automated security tooling, and the use of dedicated hardware for storing sensitive data.

1. Secure Development & Code Scanning

We ensure application security early and continuously by:
Static Application Security Testing (SAST):

Automated scanning of our .NET and front-end code to detect vulnerabilities such as injection, insecure deserialization, hardcoded secrets, insecure cryptographic usage, etc.

Software Composition Analysis (SCA):

Regular scanning of thirdparty libraries and NuGet/npm packages for known vulnerabilities (CVEs) and license issues. Vulnerable dependencies are upgraded or replaced as part of our CI process.

Security Gate in CI/CD:
  • Code is scanned on every commit and pull request.
  • Builds can be blocked if critical or high severity issues are detected.
  • Security findings are reported directly into the development workflow (e.g., PR comments, task tracking) to ensure quick remediation.
Secure Coding Standards&Reviews:
  • Internal secure coding guidelines aligned with OWASP recommendations.
  • Mandatory code reviews with a focus on authentication, authorization, input validation, error handling, and data exposure.

2. Storing Sensitive Data in Dedicated Hardware

Wherever possible, we avoid storing sensitive information in application code or standard storage and instead use dedicated hardware and secure enclaves:
Hardware Security Modules (HSM):
  • Cryptographic keys (e.g., for TLS, signing, encryption) are generated and stored in HSMs.
  • Private keys never leave the HSM; applications communicate with the HSM via secure APIs for signing and decryption operations.
  • This minimizes the risk of key exposure, even in the event of a system compromise.
Trusted Platform Module (TPM):
  • Used on servers or endpoints to protect keys tied to the specific device.
  • Supports secure boot, attestation and protection of machinelevel secrets, such as certificates or disk encryption keys.
  • Increases resistance against physical attacks and tampering.
Mobile Devices&Biometrics:
  • On mobile applications, sensitive tokens and keys are stored in OSmanaged secure storage:
    • iOS: Keychain + Secure Enclave
    • Android: Keystore + hardwarebacked Trusted Execution Environment (TEE), where available
  • User authentication can be bound to biometrics (Face ID, Touch ID, fingerprint, etc.), so:
    • Biometric data never leaves the device and is not accessible to the app.
    • Highvalue actions (e.g., payment approval, viewing sensitive data) can be protected with a second factor (biometric/OSlevel prompt).

3. Additional Security Measures

Secrets Management:
  • No secrets in code repositories.
  • Secrets and connection strings are stored in secure vaults (e.g., cloud key vaults) and injected at runtime.
Encryption in Transit and at Rest:
  • All communication is protected with TLS.
  • Sensitive data at rest is encrypted, leveraging keys stored in HSM/TPM or secure key vaults.
Regular Security Testing:
  • Periodic penetration tests and security assessments.
    • Continuous monitoring for anomalies and security events.