Matomo

Encryption and data protection for your apps - Cossack Labs
Cossack Labs
search

Helping innovators. Protecting innovations.

Cossack Labs helps companies to efficiently and conveniently protect sensitive data in their products by providing developer tools, bespoke solutions and security consulting services.

Do not shackle your innovation with security challenges ever again.

We help the leaders to build secure systems at scale

appspector baja-bikes bear-app ciklum datasite epam ethicontrol input-out goclinic kit logo-black merrill muse anthill nec uptech userbase treeum xrpl-labs tezos-foundation madfish-solutions mygaru clearful
Read customer stories

Solving security challenges at scale that is right for you

From dev tools to bespoke solutions, from security control design to product security team for hire, we offer a wide gamut of ways to help you tackle security risks.

  • Acra, <span class="font-normal">a database security suite</span>

    Acra, a database security suite

    Acra provides 9 security controls in one suite, pluggable as SQL proxy, API service or SDK in your architecture. Features include transparent field level encryption, searchable encryption, data masking, authentication, firewalling and many more.
    Read more
    Themis, <span class="font-normal">a cross-platform crypto library</span>

    Themis, a cross-platform crypto library

    Themis provides an easy-to-use and hard-to-misuse encryption API for securing data at rest and in transit. Solves 90% of use cases for protecting data in mobile, web and server-side apps. Helps to integrate application level encryption fast and easy.
    Read more
    Hermes, <span class="font-normal">end-to-end secure data storage</span>

    Hermes, end-to-end secure data storage

    A security framework for end-to-end encrypted data flow. Hermes provides cryptographically protected data processing and data collaborating without the need to re-encrypt an excessive amount of data.
    Read more
    Custom data security solutions

    Custom data security solutions

    One size doesn't fit all: we build customised data security solutions that may or may not utilize our IP: from greenfield to "just add application level encryption".
    Read more
  • End-to-end encryption in mobile and web

    End-to-end encryption in mobile and web

    We design and implement end-to-end encrypted layers: endpoint cryptography, operations on encrypted data, integration of key management processes and ensuring consistent product experience.
    Read more
    Zero Trust architectures

    Zero Trust architectures

    When your business requires software operating on hostile territory, designing software and security controls without relying on implicit trust is challenging. We've been doing it for a while before "Zero Trust" became a popular term.
    Read more
    Transparent, auditable systems

    Transparent, auditable systems

    Building trust is as crucial as protecting the data. We've built a number of custom cryptographically provable audit log systems that enable qualified auditors or empowered 3rd parties to validate system's behaviour.
    Read more
    Hermes, <span class="font-normal">end-to-end secure data storage</span>

    Hermes, end-to-end secure data storage

    A security framework for end-to-end encrypted data flow. Hermes provides cryptographically protected data processing and data collaborating without the need to re-encrypt an excessive amount of data.
    Read more
  • Product security & SSDLC

    Product security & SSDLC

    The most sustainable way to ensure software security is to make it an integral part of the ongoing development process. We lead engineers to pragmatic security and "shifting security left".
    Read more
    Security engineering & architecture

    Security engineering & architecture

    Our engineers fill your team skill gaps wherever necessary — in designing, planning, implementing, or verifying security components of your solution, ensuring its good performance, usability, and reliability.
    Read more
    Applied cryptography engineering

    Applied cryptography engineering

    Rolling your own crypto is a sin unless you're a cryptographer. Luckly, we are :) Our core competence is designing and implementing cryptography-based components, protocols, and systems.
    Read more
    Mobile application security

    Mobile application security

    Mobile app security means building protections that don't ruin UX, but mitigate platform-specific risks & threats, and align app security with backend security. Making React Native app secure or building end-to-end encryption flow? Bring 'em on!
    Read more
  • Defining security strategy

    Defining security strategy

    It's tricky to correlate security matters to your product growth plan when you're aspiring for a product business. We can cover this gap, ensuring that whatever you're building is resilient against the risks you're facing.
    Read more
    Security advisory and risk management

    Security advisory and risk management

    We assist C-level managers in defining cybersecurity goals and choosing efficient strategies for achieving them. We provide risk assessment, strategic and tactical advice in line with pragmatic security and compliance demands.
    Read more
    Security engineering oversight

    Security engineering oversight

    If you are building a security-critical system, we can act as your product security team. We provide constant oversight over features, match them to risks, and assist your engineers with implementing security-related features.
    Read more
    Privacy compliance

    Privacy compliance

    We translate the language of compliance requirements to your business and technological stack. We guide you towards the right balance between security, cost, and operational trade-offs.
    Read more
  • AI/ML security

    AI/ML security

    We assist innovative AI/ML-driven startups in protecting sensitive parts of their TensorFlow models and ML pipelines.
    Read more
    Differential privacy

    Differential privacy

    We assist adtech networks to build cryptographically-proven public accountability systems (differential privacy) based on anonymisation with protection against inference attacks.
    Read more
    zk-SNARKs and transactions privacy

    zk-SNARKs and transactions privacy

    We assist mature high-assurance blockchain companies who deal with identity management with research work and applied cryptography engineering.
    Read more
    Custom solutions

    Custom solutions

    Many of the projects we're most excited about are targeting particular needs that don't fit into any typical description. We love unique challenges. If you have something that is outside of this capability navigator, we're eager to talk.
    Read more

Helping across industries

Typically we work with fintech, power grids, payment processors, healthcare companies, popular applications, AI/ML solutions. Whatever is the industry, we help those where data security is a hard requirement.

Finance

Finance

Our products and solutions help modern financial institutions tackle data security for regulatory compliance and practical business risk mitigation.
Read more
Healthcare

Healthcare

Patient data is an important class of sensitive data that requires combining security and compliance with usability and interoperability in special ways.
Read more
Industrial / CNI

Industrial / CNI

We help state-wide organisations and industrial companies protect sensitive data, telemetry and commands in constrained environments.
Read more
Blockchain

Blockchain

We help cryptocurrencies and surrounding ecosystem to do the ‘crypto' and ‘security' parts right from both practical and formal perspective.
Read more
SaaS

SaaS

On overlap between compliance, cloud security standards and customer requirements, SaaS security strategies often require elegant, yet unique solutions.
Read more
B2C apps

B2C apps

You manage sensitive data of millions of your users? We're experienced in protecting massively successful B2C products without slowing their pace.
Read more

Our operating principles

  • The security landscape is complex, confusing and often counter-intuitive from the builder's perspective.

    Adding complexity means adding more things to build, more things to test, and more vectors for attackers to try and attack. Taming and reducing complexity while improving security is more complicated than "just adding feature X/just buying product Y", but it is worth it every time.

    It is our mission to help customers cut through complexity of the security landscape.

  • There is no "good security" or "bad security". There only is "appropriate security for chosen risk model".

    We understand how to derive our decisions from actual risks and inevitable requirements, rather than "expert opinions", and how to help customers do the same.

  • Risks bring hazards. Fixing them brings outrage; accepting them brings a different kind of outrage.

    We understand how to think and balance trade-offs in a way that is healthy for your products.

  • We do boring work, a lot. Making sure everything is covered, every test is performed, every known threat is considered — it's a mindset.

    We hire people who are happy to walk the extra mile to be confident that our customers understand what they get, how to operate it, and what's the limitations.

  • We specialize in protecting sensitive data, in whichever way we have to. Vast range of our solutions and products all aim at one thing — making sure that your sensitive assets are only available to authorized consumers.

    Sometimes, that means cryptography. Sometimes, that means application security, DRM, organization security or ML protection. The focus is always the same — protect the data.

  • Putting security at the hands of software developers and Ops means more than just giving them a nice SDK. We build our own products, and we understand feature/security/maintainability priorities just like you.

    We build our solutions with developers and their needs in mind — not only to get the job done but to get it done elegantly and conveniently.

  • Innovations can be very fragile, and we know what it takes — we constantly learn new stuff and innovate ourselves.

    We help innovators and market leaders build new exciting products. We understand that having additional sensitivity and openness is necessary to enable innovators to push humanity further.

    We know how to support and groom.

  • Security is not just a lot of clever technology — it is the understanding of business and societal impact of risks. Security can do good or vice versa.

    We help software eat the world responsibly and securely.

Think we're good fit?

Leave your email and we will get in touch about your security challenges.

Latest blogposts

TLS validation: implement OCSP and CRL verifiers in Go

TLS validation: implement OCSP and CRL verifiers in Go

Most applications use TLS for data-in-transit encryption and every programming language has a TLS support in its ecosystem. TLS was introduced in 1999 based on SSL 3.0. It's quite an old...
Crypto wallets security as seen by security engineers

Crypto wallets security as seen by security engineers

What can go wrong when you develop a “secure” crypto wallet? How to eliminate typical security mistakes and build a secure app with multilayered data protection against mnemonics leakage...
Acra 0.90.0: application level encryption and searchable encryption for any SQL and NoSQL databases

Acra 0.90.0: application level encryption and searchable encryption for any SQL and NoSQL databases

Following our mission to empower developers to build secure products, we chose to make all fundamental security controls previously available in proprietary versions accessible to a wide...
Go to blog

Contact us