About Us
OneStopAppSecurity.com is a small application security consulting firm specializing in providing security consultation services that are tailored to each project's needs and budget. OneStopAppSecurity.com strives to avoid the one-size-fits-all security consulting model that many larger companies have. Toward this end, OneStopAppSecurity.com has adopted the following tenets for all customer interactions:
- Unbiased technology recommendations: We do not sell or resell any software, hardware or online service, nor do we have any plans to. If we tell you that you need to purchase a piece of technology, we are saying that because we believe it to be in your company's best interest, not because we are getting a commission or kickback. Security consulting is our one and only source of income.
- No two customers are the same: We recognize that every business has its own knowledge base, processes, code legacy, market presence, organizational structure, internal politics, business goals, culture, etc. Our goal is to understand your company's structure and combine that with our security experience to help you achieve the best product you can. We will not simply provide you with a list of security concerns, ideas, etc. We recognize that no two projects are the same and will try to shape our deliverables around your company's needs.
- Security requirements must dovetail with business requirements: Just because security is our sole focus does not mean that we cannot understand that it is not your company's sole or even primary focus. We have all spent years developing and shipping products and understand that business requirements are not just based on technical requirements, but also take into account schedule, budget, customer relations, competitive analysis, marketing, investor relations, etc. We will try to provide you with enough background material on any security issues we raise so that you can accurately prioritize them against your other business needs. While we may raise concerns about some of your decisions, we assume you know more about your business than we do and will respect any decisions you make.
- Interact but not invade: All of our consultants have spent years developing software and understand that your job is producing software, not babysitting consultants. With this in mind, we will interact with your employees to learn what we need while trying to introduce the least perturbation to your ongoing work. Having developed software for so many years, we do not need to be told twice if you say you have a deadline approaching and cannot talk to us for a few days. We understand and are happy to work with any request you have for implementing specific communication models, such as using a single point of contact. We have all been engineers on a schedule's critical path and know enough not to bother an engineer who you tell us is on the critical path.
- We strive for long relationships, not long engagements: Because OneStopAppSecurity.com focuses on security architecture, design and process but does not typically deliver any software, we recognize that our help is only needed at some points in the SDLC. We typically see no point in a long engagement on a single project. With our extensive experience and security knowledge, we can address whatever security concerns you have, point you in the right direction, train your staff, and leave you to your business. Should you need more help from us, great, we would love to help. If you do not come back for more help, then we hope it is because we were so effective in any previous engagements that you can continue with confidence regarding security issues, and we hope you will think of us on your next project :-)
- If you are not happy, we are not happy: Everyone says that the customer comes first, but we actually mean it. In keeping with the old expression "Money talks and b------- walks", we offer the No-Risk Security Assessment. It is essentially the consulting equivalent of a free introductory period.
