services.cs · murplz, inc

explorer

▾ murplz, inc 3srom.dev

≡index.md ⬡services.cs ◈about.lua ⚙contact.toml

▸ ▸ solutions/

⬡secure-dev.md ⬡code-review.md ⬡methodology.cs

▸ ▸ industries/

≡federal.md ≡defence.md ≡critical-infra.md

▸ ▸ partners/

≡teaming.md ≡bench.md

▸ ▸ resources/

≡insights.md ≡capability.md

▸ ▸ legal/

≡privacy.md ≡terms.md

links

⌥github/3srom

⌥github/murplz

example deliverables · rotating

Code Review · Q2-2026 register

12 findings · 3 high · 5 medium · 4 low

last update 9 min ago

Finding

CWE

Severity

Status

CR-0042

Insecure deserialization in import handler

502

High

Review

CR-0039

Missing authorization on admin endpoint

862

High

Fixed

CR-0036

Weak TLS configuration on legacy service

326

Med

Open

CR-0034

Verbose error in API response

209

Low

Fixed

Reference Architecture · Secure .NET API

Trust boundaries · ITSG-33 controls applied at each link

client

Browser

→

edge

API Gateway

→

authn

OAuth 2.0 / OIDC

→

app

ASP.NET Core

→

data

Encrypted Store

controls applied: SC-7 SC-8 SC-13 IA-2 IA-5 AC-3 AU-2

Typical engagement · 4 weeks

Discover · Threat model · Build / test · Hand-off

Week 1

Week 2

Week 3

Week 4

Discover

scope · review

Threat model

STRIDE

Build / test

code · SAST · SCA

Hand-off

report · re-test

ITSG-33 applied

OWASP ASVS L2 baseline

CWE Top 25 tracked

NIST SSDF aligned

Deliverables 5 items

✓Executive summary

✓Findings register · CWE-mapped

✓Remediation guidance

✓Re-test report

✓STRIDE threat artifacts

Turnaround code review

typical 2–6w

0w 2w 4w 6w 8w

Stack .NET

C# .NET 8+ ASP.NET Core EF Core Azure

OAuth 2.0 OIDC mTLS gRPC REST

// services.cs — what we deliver
 
using Murplz.Security;
using System.Threading.Tasks;
 
namespace Murplz.Services
{
 
  public class Catalog
  {
 
    // Service 1 — Secure .NET Development
    public Service SecureDevelopment() => new(
      name: "Secure .NET Development",
      summary: "C# and .NET applications built against OWASP Top 10"
              "and ITSG-33 controls from the first commit.",
      link: "/solutions/secure-dev"
    );
 
    // Service 2 — Secure Code Review
    public Service CodeReview() => new(
      name: "Secure Code Review",
      summary: "Vulnerability assessment of existing .NET codebases"
              "with remediation reports against OWASP and ITSG-33.",
      link: "/solutions/code-review"
    );
  }
 
  // Methodology shared by both services:
  //   /solutions/methodology
 
}

Find Files

≡index.mdmarkdown

⬡services.cscsharp

◈about.lualua

⚙contact.tomltoml

⬡solutions/secure-dev.mdmarkdown

⬡solutions/code-review.mdmarkdown

⬡solutions/methodology.cscsharp

≡industries/federal.mdmarkdown

≡industries/defence.mdmarkdown

≡industries/critical-infra.mdmarkdown

≡partners/teaming.mdmarkdown

≡partners/bench.mdmarkdown

≡resources/insights.mdmarkdown

≡resources/capability.mdmarkdown

≡legal/privacy.mdmarkdown

≡legal/terms.mdmarkdown