Secure design through continuous practice

Capability

Each web facing project goes through our enterprise grade security solutions provider to ensure that it meets modern web security standards. We also cater for other enterprise level vendors should our clients have their own preferred vendors.

We take great care when developing our solutions, ensuring that they are secure at every point in the development lifecycle as well as when we hand them off as completed projects. This requires constant research, awareness and training that we provide to our staff. Every two weeks we see fundamental shifts in the industry relating the security incidents and best practise. We keep on the forefront of this by listening to industry leaders, and using a constant security approach to evolve our practises to try and stay ahead of the curve.

 

Methodology


As security is progressive, we look to industry leaders and organizations that define the best modern security practises across the web. We look at the Open Web Application Security Project (OWASP) organization’s top 10 web security issues as a benchmark for how we analyse the security of our applications.


We look at the guidelines and practises of security qualifications such as the Certified Information System Security Professional (CISSP) to help guide all our staff into a security driven mindset where application, organization and physical security controls help to make our business and the business we provide to our clients safer.

Technology Used

Acunetix

Acunetix has been an industry leader in security penetration testing for years, their industry focus and experience has helped us track down security issues on numerous projects. They are a great technology provider and a proactive leader in the industry when it comes to security. 

Detectify

As our reliance and digital evolution exponentially increases, so with it does the treats to those digital products and services that become the new normal. Detectify is one of the only technology providers that we have come across that embraces this change as part of their business model. Every two weeks they update their threat database with new findings that have been crowd sourced globally. These updates then trigger a new scan to ensure that what was safe yesterday is still safe today. They are our preferred vendor in automated security scanning. 

Projects Built With

HKTB: Hong Kong Tourism Board Digital Platforms

Ocean Park: Website Revamp

HKIA: Website Revamp

Sino: Distinction through Digital Hospitality

IHK: Seamless Business Experience Design

HKICPA: Growth Beyond Networking