FP7 Demons

Data Privacy and Compliance

DEMONS: DEcentralized, cooperative, and privacy-preserving MONitoring for trustworthinesS

Contact a Data Security Specialist


Award-Winning Data-Centric Security

Static Data Masking
Dark Data Masking
Excel Data Masking
  • BI & Analytics
  • Big Data
  • Data Masking
  • DB Speed & Security

Fast Data Management & Data-Centric Protection

Our Services


Get perfect solutions to all privacy and compliance issues from our team of experts.


Learn, practically experience and get equipped to combat data security threats.


Get a widely accepted certification for undergoing training with us.


We offer quick response and prompt support.

Find & Classify, Mask & Test, Firewall & Comply

Latest post

secure coding tips

Secure Coding Guide – Top 10 Tips

According to the latest data breach investigation report, cyber-crime was at the top of the list. In order to guarantee your organization and customer’s security, software developers should be able to create codes that stand the test of time with accomplished proper techniques and best practices for secure coding.

Below are top ten secure coding tips that you can implement in your organization in order to prevent the most common risks that may affect your organization and learn best ways to prevent and resolve related concerns in future.

1. Adopt and define secure coding standards and requirements

Identify, develop and document security requirements with secure coding standards early in the development cycle that target advanced language and platform and which also ensure that successive development items are assessed for compliance with those specific requirements.

2. Threat modeling

Threat modeling enables you to anticipate the threats to which the software will be subjected. Determining the threats posed by your application is essential to enable you to rate the threats based on risk ranking and severe vulnerabilities immediately and fix them promptly.

3. Follow the principle of least privilege

Carefully design each process with the smallest amount of privileges. Any preeminent permission should only be accessed with the required least amount of time acceptable to finish the privileged task. This approach reduces the opportunities for any attacks that can be executed as a result of elevated privileges.

4. Validate data input

Ensure to authorize input from all un-trusted data sources in order to eradicate the vast majority of software susceptibilities including all input fields for length, character, range, character sets and encoding. Filtering out harmful and suspicious from most external sources is one possible approach of doing this.

5. Exercise defense in depth

Practice multiple defensive strategies to manage risks in such a manner that when a security layer proves to be insufficient another security layer can avert the safety flaws from consumable exposure and other consequences from the fruitful exploit. However, the number of layers and required tools differ from one organization to another.

6. Keep security simple

Adopt simple security design and practices. Complex designs increase the chances of errors that will affect implementation and configuration processes. In addition, achieving appropriate levels of assurance will not be realizable.

7. Sanitize data sent to other systems

Cleaning all data that passes through complex subsystems prevents attackers who invoke the unused functionality of these functionalities.

8. Data design and access

A little sabotage can cause great damage to your database. It’s important to take all the precautions to ensure variables are strongly typed and that all queries have the right parameters with stored procedures to prevent data access.

9. Positive security through default deny

It is important to base access decisions on permissions rather than elimination and outline only what is allowed while rejecting anything else. Consequently, entry will be denied when the defense scheme detects circumstances under which entry is allowed.

10. Plan and design for security policies

Proper planning with well-designed software that implements and enforces security policies prevents the vulnerability of the development life-cycle. Upfront identification of security requirements, providing software security, establishing secure coding standards and consistently verifying the effectiveness of security controls helps to enforce security policies.


A Brief Insight Into Cybersecurity

We’ve all heard of the term, but most of us haven’t bothered with the definition. In this article, we discuss cybersecurity at its vaguest, glossing over what cybersecurity is and how it is of utmost importance; be it for a single computer or a whole corporation.

Cybersecurity is usually a set of techniques or controls that are put into practice to protect systems, programs and unity of networks from unauthorised access.

At its core, information and systems are protected from cyber threats by cybersecurity as cyber attacks can cause a substantial financial, economic, and reputational damage.

An estimate has been brought up by the UK government citing that large-scale businesses are set back by nearly £20000 from a single breach in cybersecurity. While companies of such scales have an acute awareness of the possible cyber threats they could face, 45% of small-scale businesses believe they are not serious targets.

It does not matter. As long as you’re connected to the internet, you’re at risk. These risks can be of many types such as malware, phishing, and exploits kits. Cyberterrorism, warfare and espionage are a part of what cybersecurity deals with.


National level security is also of need as the US, followed by other nations, has conceded the fifth kind of warfare, namely cyberwarfare. Cyberwarfare focuses on recovering data rather than shutting a network down as hackers attempt to disrupt communication lines and commerce.

But in today’s day and age, methods to attack a system have become sophisticated and inexpensive, and as a result, cybersecurity has found itself in a race to keep up with various strategies to counteract said attacks with. However, cybersecurity developers often find themselves retaining a part of their code as proprietary which creates a technology gap. These gaps are later exploited by hackers to gain information.

Even identities have come under assault. Cyber espionage, or the practice of obtaining information without the owners’ regard, is often conducted via malware.

An attack can be prevented by a great many number of ways. But securing a system with only one layer is extremely dangerous. That is why to ensure an attack is blocked completely, these are layered one after the other. This method, however, is extortionate.

The layers of security having being placed still doesn’t ensure safety as massive data leaks have occurred over the years. This is the reason why board members of mega-million enterprises have decided to prioritise and fund cybersecurity.

A topic of vastness such as this can never be thoroughly discussed, as hackers and cybersecurity developers bring creative methods alike to outdo the other.

DEMONS IPFIX Interop: Test Protocol

The test protocol for the DEMONS IPFIX Interop, held as CESNET, Prague, Czech Republic, 24-25 March 2011, is now available.

Testing will focus on normal operation of the protocol over SCTP as specified in RFC 5101; TCP and UDP will be tested according to the capabilities of the participants’ implementation. We will concentrate on the following scenarios, which cover areas of protocol development since the last interoperability test in 2006.

  • Normal session establishment, template and record export, and teardown
  • Export and collection on multiple streams
  • Template withdrawal and expiration, and template ID reuse
  • Secure session establishment using TLS or DTLS

Core tests will be matrix tests (each exporter (EP) to each collector (CP) for each capable transport), with the following conditions necessary for a successful test for an EP/CP pair:

  • The EP can connect to the CP
  • The EP can export Templates to the CP
  • The EP can export Flows according to those Templates to the CP
  • The Flows received at the CP are identical to those sent by the EP, considering any mismatch between the internal data models of the EP and CP.
  • The EP can export to the CP on at least two Streams, if the EP supports multiple stream export. (SCTP only)
  • The EP can withdraw and reuse a Template ID successfully with the CP, if the EP supports template withdrawal.
  • The EP can withdraw a Template on one Stream that was used on another Stream, and reuse its ID, if the EP supports template withdrawal. (SCTP only)
  • The EP can allow a Template to expire and reuse a Template ID successfully with the CP, if the EP supports Template ID reuse. (UDP only)

Of course, as the interoperability event will provide an open and flexible environment for testing, other testing will be run according to the capabilities of the participating implementations, and the priorities of the participants.

DEMONS IPFIX Interoperability Event

The FP7 DEMONS project is organizing an IPFIX Interoperability Event, in cooperation with CESNET. All developers and vendors of IPFIX implementations are invited to attend.


Three years have passed since the publication of the RFCs defining the core IP Flow Information Export (IPFIX) protocol. In this time, adoption and implementation of the protocol has been increasing.

The interoperability event gives developers and vendors of devices or systems which can export or collect flow data using the IPFIX Protocol a chance to test their devices against those of other developers and vendors. The interoperability testing will focus on features in the core protocol as specified in RFC 5101, using the information model in the IANA IPFIX Information Element registry; however, as time allows, participants may test features defined in other IPFIX RFCs as well.

In addition to providing interoperability information that developers and vendors can use to improve their own products, the implementation reports produced from this event will be used to advance the IPFIX Protocol along the IETF Standards Track.

The test protocol is available here.

Where and when?

The event will be held on Thursday, March 24, and Friday, March 25, 2011, at the offices of CESNET in Prague, Czech Republic. The time and location of the event were chosen to allow convenient participation by attendees of IETF 80, held at the Prague Hilton, March 27 to April 1, 2011.

Testing begins each day at 9am, until the tests for the day have been run or until the facility closes for the evening, whichever comes first. Directions to the CESNET offices are available here.

Any additional testing or implementation determined by the participants to be necessary after the main event will take place Saturday, March 26, at the Prague Hilton, in room Karlin I.


The interoperability event is open to technical participants from any developer or vendor of products which can export or collect flow data using the IPFIX Protocol. Participants are expected to bring any device(s) to test, any host(s) necessary on which to test software systems, and any additional hardware required to connect these devices to 230VAC/50Hz power and copper (RJ-45) Gigabit Ethernet.

To protect developer-proprietary information about the IPFIX implementations to be tested, participation in the event is subject to a nondisclosure agreement. Nondisclosure agreements must be signed and returned to the organizers before taking part in the event. Nondisclosure agreements from all participants may be made available to any other participant on request.

Currently confirmed participants include:

  • ntop.org (Italy)
  • Technical University of Munich (Germany)
  • CESNET (Czech Republic)
  • Technical University of Kosice (Slovakia)
  • CERT Network Situational Awareness Group (United States)
  • Invea-Tech (Czech Republic)
  • ETH Zürich (Switzerland)


Participants should contact the organizer, Brian Trammell<trammell@tik.ee.ethz.ch>, by email to register, to help us in planning. However, participants will only be registered for the event when we have received a signed nondisclosure agreement. Scanned PDFs can be sent via email, though signed original NDAs should be brought to the event.

Registration emails should indicate:

  • whether the participant will bring an exporter, collector, or both
  • the transport protocols supported by the participant’s implementation (SCTP, TCP, UDP)
  • link(s) to any public documentation available detailing the template(s) natively supported by the implementation
  • the name(s) of the people attending

The names of participating organizations will be made publicly available on this page unless specifically requested. Participation is free of charge.


"Our team works towards optimising your test runs by providing masked data. This ensures you no longer need to worry about your authentic data leaks. Safety and security is our priority, and we work hard towards giving you the best possible service."

Our Happy Clients

Virginia Snyder

Knowing and practically implementing different techniques to combat ever-evolving data security threats was interesting. Plus, I'm now equipped with a well-accepted certification too!

Jean Romero

The constant threat of security breach is continually looming over us all. We quickly got in touch with your team, and since then life's been a lot easier! We're now safe, secure and content.