Safe innovation

Technology

Tools for Your Success

And many, many more, such as Python, React, React Native, Angular, Vue, Next.js, Cypress, Diesel, WebAssembly, WebGL, WebSockets, Redis, MySQL, PostgreSQL, MongoDB, Linux, etc.

Node.js + Typescript

Our default choice for non-critical code

Rust

When performance, stability and security matter most

Java

Systems already in Java? No problem!

Docker

Our baseline for scalability and isolation of each service

Buddy.Works

Our preferred CI tool… reliable and flexible

Kubernetes

Microservices at scale with smooth deploys

AWS & Digital Ocean

Our cloud providers… We can build hybrid cloud systems too.

Ansible

It keeps all servers safe. We apply our curated recipes.

Kafka

Scaling millions of events? No problem.

Event Store

Created for our DNA patterns (DDD and Event-sourcing)

Techniques

Put our tools to good use with these patterns.

Depending on the size of your project, we will use different techniques. Here are some of the ones we can use.

Event-sourcing

Ready to scale your data and integrate it with everything you need. Event-sourcing makes your data auditable in real time with almost no effort compared to traditional centralized database systems.

Microservices

We deploy event-driven microservices to ensure scalability, reliability and fault tolerance. Each microservice can be fixed, deployed and scaled independently. This enables the use of different technologies in each service, providing flexibility during development.

Domain Driven Design

We follow DDD while designing our applications. DDD is a proven set of tactics and strategies aimed at building complex systems successfully. It was designed with microservices and event-sourcing in mind, making it the perfect choice when you need to scale.

SOLID + TDD

SOLID and TDD ensure that we'll be able to expand and modify the code without the need for huge refactors, keeping everything else running smoothly. We develop knowing that the challenge is not the first features, but the last ones. Our code is built to last.

Continuous Delivery

We don’t allow time for huge deployments where things may break. We deliver quickly and regularly, making sure that you can test and iterate on the requested features in a matter of weeks. We configure each deployment with tests and safety checks so that bugs are avoided.

eXtreme Programming

We use Pair Programming and expose our programmers to the client in order to guarantee that their requirements are met by our code. The team works together to solve your problems in the most sensible and efficient way possible. We usually use Event-Storming.

SECURITY

Timely responses for maximum security

We implement and follow proven legal standards for security, privacy and data compliance. We have experience with handling GDPR for our clients, as well as protecting industrial secrets, adhering to user privacy requirements and state standards, navigating crisis response, etc.

We can build redundant, fault-tolerant systems that assume no trust in other systems in order to ensure maximum security and reliability.

Security Techniques

NDA

All our employees have signed a Non-Disclosure Agreement and are trained in managing secrets.

GDPR

We know how to implement GDPR-ready systems and can provide the tools to make this happen.

Device Encryption

We use only fully-encrypted devices with safe encryption algorithms.

Training

Employees are trained in how to store and communicate sensitive data.

Data localization

We can build international systems that keep the data localized in the correct continent.

Authentication

Two-factor authentication and password managers are enforced internally to prevent data leaks.

Recommendations

If needed, we can recommend systems and platforms for data protection and compliance.

De/Provisioning

We have clearly defined employee provisioning and deprovisioning processes.

Secrets Transfer

We only communicate secrets via protected media.

Data Audits

We use audit tools to track data and documents through our company.

Standards Compliance

We follow STIG and other standards for security and data protection.

Code Audits

If needed, we can provide a third-party code audit to ensure maximum security.

Security Technologies

Proactive App Monitoring And Threat Detection

We use tools like Sentry, Datadog, New Relic and ThreatStack to monitor any problem or breach. Other tools can be used if required. Logs are anonymized and analyzed.

Server Hardening

Servers are secured and hardened with a minimum attack surface mentality. We follow standards, like STIG for server hardening, as closely as possible. Compliance with the client’s standards can be implemented on demand.

Passwords And Secrets

We prefer to use Argon2 or scrypt rather than bcrypt (due to FPGA weakness concerns). In no case will we use SHA or any other generic hashing algorithm. For purposes other than identity, data is encrypted and transmitted between servers, after which it is stored in hardened servers.

Mission Critical Applications

For mission-critical systems we will use languages with greater security guarantees, like Rust. Extra effort will be made to minimize code dependencies on third parties, and only widely known, open-source libraries that prioritize security will be used.

Code Coverage and Test

In order to minimize undefined behavior we can apply 100% code coverage with eXtreme Programming. We will propose TDD and high code coverage for every project. Fuzz testing can be implemented to find hidden, undefined behaviors which may become security problems.

Are you ready to start?

Send an email or call us with any questions. We look forward to working with you and seeing your business succeed.