How We Won the umlaut Secure App Award — Twice
ForgingApps achieved umlaut security certification in both 2024 and 2025 — a full re-audit against updated criteria, not merely a renewal.
About the umlaut Award
umlaut is an international engineering and consulting group conducting rigorous security testing. Their evaluation covers authentication, data storage, data transmission, platform-level security, code obfuscation, and network communication. The certification represents independent penetration testing — apps either pass or fail.
Common Security Failures
Insecure data storage — sensitive information without encryption. Broken authentication — non-expiring tokens, plaintext passwords. Unprotected API endpoints — missing rate limiting and input validation. Weak transport security — certificate pinning disabled, HTTP fallbacks, outdated TLS.
Our Security Approach
Security functions as a foundational design constraint rather than a pre-launch addition. We use Flutter for mobile, TLS 1.3 with certificate pinning, secure enclaves (iOS) and Android Keystore for auth tokens. Sensitive data uses AES-256 encryption with parameterized database queries. Threat modeling occurs during design phases before implementation.
Second-Year Lessons
Maintaining certification requires continuous security practice. Dependency versions acceptable in 2024 may contain known CVEs by 2025. Authentication best practices evolve as attack surfaces change.
Final Message
For projects handling user data, the choice is: develop quickly with later cleanup or construct securely from inception. We apply umlaut-standard security regardless of formal certification requirements.
Want to discuss how this applies to your business? Book a free call.
Security is non-negotiable
ForgingApps is a two-time umlaut Secure App Award winner. See our credentials and our approach to building secure software.
Book a free call →Related Posts
View all posts →AI Security Is Now a Buying Issue
Anthropic's Mythos preview and a fresh OpenAI tooling incident point to the same conclusion: businesses buying AI need to vet permissions, connectors, and blast radius, not just model quality.
Why a Local Dev Studio Beats a Freelancer for Custom Software
Freelancers are cheap. Agencies are expensive. Boutique dev studios offer something better: senior expertise, direct accountability, and no outsourcing.
Custom Software vs Off-the-Shelf: When to Build, When to Buy
Not every business needs custom software. But some are paying SaaS fees forever for a tool that barely fits. Here is a practical framework for deciding.