At Cossack Labs, we build security solutions to protect sensitive data in customers' products and infrastructures. We help address security risks efficiently so that our customers can focus on building their products with peace of mind about security.
To do this, we build security libraries, developer tools, custom solutions and collaborate with development teams as a security engineering team.
In essence, we do whatever is necessary to efficiently build practically secure systems without draining developers time and minds.
Who we are?
We are a team of experienced cryptographers and security software engineers. We've built various software solutions that required data security in the past and realised how hard it is to get things right as end-users of security software.
In 2014, we started as a data security R&D startup. We found a huge gap between companies' real-life needs and security market proposals in mitigating data-related security risks.
We combine three crucial technical expertise. Some of us have extensive cryptography and "hard security" backgrounds. Some of us are product builders at heart. Some of us are security engineers equally apt at breaking security controls and building them.
What our customers say:
"Thank you very much for all you did so far & the thoroughness, skill & knowledge you invested into this, all of you!"Founder of a blockchain software company after our cryptographic review
"I have definitely learned A LOT since we started working together with Cossack Labs. I have learned to be a better engineer because of their knowledge in mobile security."Ronald, Software Engineering Manager at M&A SaaS provider
"Cossack Labs shares myGaru’s mission to put individuals in the center of digital processes and give control on personal data back to users. Cossack Labs team is building secure data processing components and the privacy layer of myGaru solution."Vitalii Morozenko, Founder and CEO at myGaru
"We were thrilled work with Cossack Labs, leveraging their 15+ years of experience, to secure Bear user`s notes. It enabled us to elevate our core user experience with the security and privacy our users demand."Shiny Frog team, creators of Bear app
"Cossack Labs covered our back in data security, helping us to serve our customers better and target not only private hospitals, but also governmental healthcare companies."Andrei Popa, CTO at GoClinic
"End-to-end encryption engine based on Themis and Acra allows us to scale our product and attract new customers while being sure that their data is available only to them."Sergey Zenchenko, CEO at AppSpector
Security is complex and, at times, stands in the way of innovation — either because it’s a burdensome distraction or because the absence of security measures puts innovation’s reliability at risk.
Our mission is to help customers cut through complexity of the security landscape — with tools, bespoke solutions, research, and security consulting.
We try to help software eat the world responsibly — by making it respect privacy and avoid embarrassing security breaches.
What we do
We help our customers protect the value of their innovation with tools, bespoke solutions, research, and security consulting. Whether you need to protect your IP, users’ PII, sensitive data, or comply with regulations — we’re here to help.
Open-source and proprietary, tools and frameworks — our products come in many shapes, but deal with the same problem — convenient, modern data protection.
Many security problems don’t have easy out-of-the-box solutions, so we’re happy to tailor unique bespoke solutions to customers that have specific requirements.
Sometimes, just a helping hand and a few clever ideas is all it takes to get the job done. We offer a wide variety of security consulting services to help where only humans can help.
We're on the mission to make the world a better place, so we do much work for the community.
Our commitment to open-source. Every novel security method or approach we implement ends up open-source. Sooner or later, one form or another, we strive to make everything visible. Not just to follow Kerckhoffs's principle but to let the next generation of security builders have building blocks and references. Equally, we publish papers precisely outlining the theory behind some of the technologies we're building to ensure more than just code to justify our designs.
OWASP contributions. We have learnt a lot from OWASP checklists and best practice guides, so we are giving back. Our security engineers contribute to several projects, including OWASP MASVS, OWASP MSTG, OWASP Cheatsheets and others. We support, speak and organise OWASP meetups.
Communities and events. Our team members often participate in international security and development conferences as speakers, organise and co-organise local events, and support communities (like CocoaHeads and Women Who Code).
Discounts for startups and products with good cause. If you're on a mission that will drastically improve the world, or the technology you're building might become a commodity making the world a better place, we've got great discounts on your tools and services (conditions apply).
Supporting next generation
of security professionals
We consistently support various community activities targeted at people just entering the security industry: our industry needs more smart people. We run a cryptographic R&D training program for interns with potential employment and extensive "deep dive" for professionals from other industries to information security.