We are security practitioners controlling our paranoia (sometimes) and focusing our knowledge and experience to build new security solutions and practices for new (and old) IT systems and processes.
What we do
We research new security trends, techniques and solutions in cybersecurity, focusing especially on SecDevOps processes with near-future impact on the security of BBVA Group and, hopefully, the rest of the world.
Our projects
We like Open Source and we believe in the "Don't reinvent the wheel" mantra.
We create projects that try to close the gaps not yet covered by any other Open Source project or commercial solution.
Here you can check our projects. We invite you to use them, test them and ... collaborate. We welcome contributions!
APICheck - The DevSecOps toolset for REST APIs
API-Check is a complete toolset designed and created for testing REST APIs.
API-Check focuses not only on security testing and hacking use cases. The goal of the project is to be a complete toolset for DevSecOps cycles and for different user profiles:
BrainSlug is a framework for parasitic computing: it allows you to write programs whose code and logic live on one computer while their actions or side effects are performed on another.
Q.E.D. - Scalable, auditable and high-performance tamper-evident log
QED is open-source software that allows you to establish trust relationships with others. It can be used in multiple scenarios: secure tamper-evident data transfers, tamper-evident (system/application/business) logging, etc.
QED guarantees that the system itself, even when deployed on an untrusted server, cannot be modified without being detected. It also provides verifiable cryptographic proofs whose time and size are logarithmic in the number of entries.
QED aims to be scalable, resilient and ops friendly:
Designed to manage billions of events per shard
Over 2000 operations per second per shard under sustained load