# Secure software for Canada's federal mission.
We build .NET applications with security designed in
from the first commit, and review existing systems
against the controls federal buyers are required to
enforce.
-
secure .NET development
-
secure code review
C#
.NET 8+
ASP.NET Core
OWASP
ITSG-33
Azure
REST / gRPC
✓
100% Canadian-owned · federally incorporated · open to teaming
name = "Murplz Inc."
type = "Federal Canadian corporation (CBCA)"
office = "Ottawa, ON — by appointment only"
market = "Government of Canada"
delivery = "prime subcontract · direct vehicles"
- capability_statement.pdf
operational artifacts · rotating
FINDING · MURPLZ-CR-0042
Insecure deserialization in document import handler
High
82public Document Import(byte[] payload) {
83 var formatter = new BinaryFormatter();
84 return (Document)formatter.Deserialize(new MemoryStream(payload));
85}
Remediation
Replace BinaryFormatter with System.Text.Json using a strict allow-listed type resolver. Validate against a JSON schema before deserialization.
What you receive
From every code-review or secure-development engagement
✓
Findings register · CWE-mapped
Each finding tied to CWE, OWASP category, and ITSG-33 control.
✓
Remediation guidance
Concrete code-level fixes, not just descriptions.
✓
Re-test report
Verification that fixes hold under the original test conditions.
✓
Executive summary
A short version your director can read.
CBCA
incorporated 2025
ownership
100% Canadian
based in
Ottawa, ON
market
Government of Canada