At JWP Consulting GK, we specialize in developing, testing, and maintaining secure software systems. With a focus on
we make sure your software runs securely and complies with regulations.
Here are some issues many companies face when developing or maintaining software systems:
- Technical knowledge: It’s difficult to understand whether a design or implementation is compliant with privacy and IT security regulations. Companies often have to adhere to regulations such as GDPR or the ISO 27000 series, but lack expertise and confidence in implementing them on a technical level.
- Security auditing: No comprehensive audits (penetration tests, code reviews, etc.) of a product or service exist, and there are no in-house capabilities to perform them.
- Preventive measures: Despite past security incidents, organizations don’t create adequate measures to prevent similar incidents from happening again.
- Increasing threats: There’s increasing worry that a company may become the next target of a customer data leak, ransomware attack, or any other devastating incident. Any of these incidents can affect the confidentiality, integrity or availability of company resources, and impact reputation and customer trust.
Are you facing any of these challenges? Let us help. Reach out to us for a consultation. Here’s how we can help you confidently tackle these challenges:
- We provide both technical knowledge and practical experience, having built and maintained many software systems in many challenging operating environments (embedded, distributed, air-gapped, etc.)
- On top of developing secure software systems, we’re confident in our ability to audit and harden your systems. We’re aware of regulatory requirements and help you align with all technical requirements. Find out how we can help you.
- We’re up-to-date with the latest risks and threats to software systems, and can help you catch up and make sure your software systems are secured from risks for years to come.
- Proactive measures are highly effective, especially when the threat landscape is ever-changing. We can help you understand how new threats affect your system architecture and adapt your systems in order to prevent damage. Secure your product or service by leveraging our expertise in system architecture.
Are you interested in securing your software system? Reach out to us for a consultation.
Security engineering and auditing
We conduct security audits and reviews, allowing you to be confident that your software can withstand threats and is compliant with industry regulations. We provide the following services:
- Secure development:
- Secure code reviews
- White-box security testing
- Formal verification
- QA automation
- Penetration testing
- Binary analysis and reverse engineering
With extensive experience in practical cryptography, we can guide you in developing software that incorporates advanced cryptographic technologies and secure development practices such as:
- Public-key cryptography, especially elliptic-curve cryptography (ECC)
- Reliable message authentication and protection from replay attacks (MAC, ECC signatures)
- Secure data encoding (ASN.1-based formats, JWT, XML-Enc) and prevention of deserialization-related RCE vulnerabilities
- Air-gapped software deployment (single static binary deployment)
- Reproducible and deterministic build systems using Nix
- Cross-platform debugging and reverse engineering using emulation and virtualization techniques
We’re familiar with a broad range of business sectors and software architectures. Are you interested in receiving a security assessment for your product or service? We’d love to hear from you.
System architecture
We can help you review your secure system architecture and make sure that your product or service follows industry best practices. We’re experienced with the following domains:
- Web apps:
  - Django and Django REST Framework
  - Tailwind CSS
  - React
  - Svelte and SvelteKit
  - Nginx
  - Caddy
- Deployment and QA automation:
  - Ansible
  - CI/CD services: GitHub Actions, CircleCI, Jenkins
  - Test frameworks: pytest, Jest, Vitest
- Networking:
  - WireGuard
  - IPv6 networks
  - Podman and Kubernetes clusters
- Secure architecture:
  - Defense in depth
  - Fail-safe and fail-secure systems
  - Data sanitization
We can assess and improve the security of your web app. Almost every web app is vulnerable to at least one of the OWASP Top 10 vulnerabilities. Even using the latest version of a framework doesn’t automatically protect you from issues such as:
- Security misconfiguration, for example exposed cookies in the browser DOM.
- Insecure design, such as exposing JWT tokens to clients that are vulnerable to cross-site scripting, leading to vulnerabilities that aren’t visible at first glance.
- Broken Access Control, such as exposing objects by UUID on external storage providers without validating authentication or authorization, leading to critical loss of confidentiality.
- Data Integrity Failures, such as accidental deserialization and execution of attacker-provided payloads (for example, Python pickling or unsafe YAML deserialization), possibly compromising your server infrastructure.
Adding more features to a web app increases the risk of inadvertently introducing vulnerabilities. Contact us for information on how to comprehensively test and secure your app.
Platforms
We understand the critical role that choosing the appropriate tools and platforms plays in developing secure and high-performance software. We can help you perform security assessments for your products and services. We’re experienced in secure development for the following platforms:
- Cloud platforms (PaaS and IaaS):
  - Heroku
  - DigitalOcean
  - Render
- Linux:
  - NixOS
  - Debian
- Containerization and orchestration:
  - Podman
  - Docker
- Embedded systems:
  - PIC MCUs
  - MSP430
We use proven technologies to develop secure software. We help you select and deploy the best platforms and tools that give you speed, reliability, and exceptional user experience. Contact us for more information.
Secure coding
We can help you use programming languages in a safe way while maximizing productivity with modern development tools.
- Gradually typed languages:
  - Python
  - TypeScript
- Systems programming languages:
  - Rust
  - Embedded C
  - Go
- Web standards:
  - HTML 5
  - CSS 3
  - WebSockets
- Data processing:
  - NumPy
  - pandas
  - J
Common concerns when working with any language and their library ecosystems are:
- There’s a lack of confidence in the security and reliability of third-party dependencies.
- The tooling surrounding these languages is complex. It takes years of experience to spot and fix coding errors without delay.
- As platforms and languages change, it’s difficult to keep up-to-date with changes.
We can help you address these issues. Would you like to improve the security of your code base? Please contact us.
Languages
We provide services in the following languages:
- English
- Japanese
- German
Industry sectors
Industrial sectors that we work in are:
- Information Technology
- Financial Accounting
- Electrical Engineering
Projectify
We’re proud to announce the development of Projectify. Projectify is a project management app designed to meet the demands of fast-moving and Agile software development teams. Our goal is to provide a product that prioritizes performance, reliability, and accessibility. This makes it the ideal choice for teams that use the Kanban software development method as part of their development process.
With the product being open source, our users have complete control over their data and understand exactly how the app operates. Our priority is the productivity and satisfaction of our users, making open source the perfect fit for Projectify.
Learn more about Projectify on the Projectify website.
Open source
We understand the importance of open source software and its ability to make a positive impact on the world. We’re dedicated to contributing to the open source community through sponsoring open source projects and opening our own code. Using open source software, companies can save money and resources on development and licensing.
We believe that open source software is a key driver of innovation and progress in the industry, and we’re proud to be a part of this movement. Find our open source projects on our GitHub organization.
Events
As supporters of array programming languages such as APL/J/K, we invite you to join the Tokyo APL/J/K Meetup. The Tokyo APL/J/K Meetup is a hangout for array programming enthusiasts.
Contact
To learn more about our services, please send us an email at hello@jwpconsulting.net. We’re here to help.