Sekurno

Please describe your company and your position there.

I'm a Senior Software Engineer at appflame - a mobile app development company headquartered in Kyiv, Ukraine. Our company has over 180 employees, and our products are in top charts of tier-1 markets.

For what projects/services did your company hire Sekurno?

We have a couple of mobile applications containing large quantities of user data, so we decided to make a full security audit of the apps to make sure that they meet the highest security standards.

Additionally, in view of good results of the applications’ audit, we also made a security audit of the company infrastructure.

What were your goals for this project?

Since our apps are in the dating and social discovery category, we care a lot about our users’ privacy and security. Not only because this is required by the stores and legislation, but also because we believe that this is essential for any application on the market.

We’re now changing our development process by adding a trust and security team into the loop, so the expertise of an external provider were very valuable for our development in this area.

How did you select Sekurno?

We held interviews with a few companies on the market. Sekurno provided us with the best, well-rounded offer, which covered all our needs and didn’t include unnecessary add-ons.

Besides, their representatives showed high professionalism in communication and provided great examples of their previous work, which made it an extremely easy choice for us.

Describe the project in detail.

The scope of Sekurno Team included penetration testing of iOS and Android applications, and API. Their task was to check interface, source code, vulnerabilities, discover security bugs, and provide detailed analysis of security issues with proof of concept. The team also provided detailed recommendations on each discovered bug.

What was the team composition?

The team included security experts from Sekurno, as well as DevOPS and Software Developers from our side.

Can you share any outcomes from the project that demonstrate progress or success?

We can’t share the details, but we’ve received an extensive report with all the insights on the changes we need to implement to make our product more secure, as well as recommendations in the compliance area.

As an additional bonus, we also received a checklist and recommendations for further secure development.

How effective was the workflow between your team and theirs?

The workflow was really smooth, we’ve had a couple of intro meetings to make sure that we’re all on the same page.

During the project, we had weekly checkpoints, as well as emergency calls if something critical was found.

Overall, it was a great pleasure to work with Sekurno team as we were always aware of the project status and notified about the changes in advance.

What did you find most impressive about this company?

Sekurno is a great company with very friendly and pleasant employees. We really liked the way they adapted to our working style and made sure that we’re updated at every stage of the project.

Perhaps, the most impressive thing was their critical thinking on all matters – we only received facts and verified issues, no irrelevant information.

Please describe your company and your position there.

One of the most important aspects in the Information Security strategy of Digitally Inspired is to ensure that we can evidence compliance with the GDPR legislation.

For what projects/services did your company hire Sekurno?

For GDPR Compliance Assessment.

What were your goals for this project?

As a software development company we need to ensure that privacy by default and privacy by design principles are followed by our specialists and business processes, that is why we requested subject matter experts from Sekurno company to evaluate our business processes based on GDPR requirements.

1. Identify GDPR compliance status by the third party.
2. Define security and privacy controls, which can improve DI ISMS.

How did you select Sekurno?

The company was referred to us.

Describe the project in detail.

Sekurno performed GDPR Compliance audit for DI internal processes.After the project, we received a detailed report that reflected the results of the GDPR compliance assessment. This included recommendations on how to improve our security and privacy controls.

What was the team composition?

Sekurno has assigned their Security Lead and Legal Counsel for this project.

Can you share any outcomes from the project that demonstrate progress or success?

We received a detailed report which defines strengths and areas for improvement of DI ISMS in regards to GDPR compliance. The Sekurno team was able to qualitatively analyze the current privacy compliance state and identify controls, which can help Digitally Inspired to improve Information Security Management System. An individual approach experienced privacy professionals and focuses on the details are really impressive. We are happy that we chose Sekurno!

How effective was the workflow between your team and theirs?

The Sekurno team quickly responded to any of our issues or questions, so we were able to resolve problems when they appeared.

What did you find most impressive about this company?

They are a team of professionals who provides quality services.

Are there any areas for improvement?

None.

Please describe your company and your position there.

I am Co-Founder and CTO of legaltech startup Legal Nodes( https://legalnodes.org ) - a legal service marketplace which enables clients to easily find legal solutions for their legal needs, and for legal providers to automate client search and intake.

My responsibilities include: development of project's technical solutions(both by myself or by managing the team of developers), devops, digital security and other technical needs of our project.

For what projects/services did your company hire Sekurno?

Our project works with legal and personal data, so security of our platform and our users' data is of primary importance to us. We hired Sekurno to receive cybersecurity audit of our platform and to receive report on existing security issues that can become security risks.

What were your goals for this project?

1. Identify the main risks to cybersecurity of our platform
2. Receive reports and recommendations on found issues
3. Plan measures to eliminate found risks

How did you select this vendor?

Sekurno were recommended to us by our colleague. During initial meeting with Sekurno's representatives and discussing conditions of our collaboration, we were pleasantly surprised by their professionalism, client-oriented approach and responsiveness. This is why we have decided that this company is best suitable for needs of our project.

Describe the project in detail.

After selecting Sekurno as our cybersecurity audit provider, we had several organizational calls and meetings, the purpose of which was to receive better understanding of our system and to define scope of audit. Also we have discussed how to prepare our systems for audit in order to receive accurate results and not to cause stress for our live-product.

After preparing our platform for audit, we signed all required legal agreements with Sekurno. Following that, the Sekurno team has begun audit process, during which they were sending us regular updates on progress and results.

At the end we have received detailed report on all found cybersecurity issues, steps to reproduce them and recommendations on their elimination.

What was the team composition?

Sekurno has assigned their Security Lead and a team of security engineers to our project.

Can you share any outcomes from the project that demonstrate progress or success?

As a result of security audit, we have received a report on security issues found on our platform, steps to reproduce them and recommendations on their elimination. Thanks to this report we were able to make significant progress in digital protection of our platform.

How effective was the workflow between your team and theirs?

The Sekurno team proved to be highly professional and responsive, communication was regular, comfortable and on-point.

What did you find most impressive about this company?

Very comfortable communication, customer-oriented attitude, and sensitive approach towards customer safety are the traits that we liked the most about Sekurno.

Are there any areas for improvement?

None to think of