laptop programming

Securing applications, automation and AI models

We are an IT team that combines cybersecurity knowledge with experience in application design. We create and implement automation and solutions based on AI, as well as increase the security of systems through, among others, OWASP security tests, implementation of SSO and 2FA.

Get in Touch

We have been dealing with cybersecurity since 2015 — that's when our brand Lemlock was founded

Lemlock by Sagiton
Icon - Curiosity

More than half of companies may have problems with system security

The more processes we automate and move to the digital world, the greater the risk that sensitive data will end up in the wrong hands. According to the Komputronik report, 57% of respondents see internal threats (such as unauthorized access) as a problem already present in the company where they work. This means that the lack of adequate safeguards is not an abstract risk, but an everyday occurrence in more than half of organizations. The scale of the problem is growing, and cybercriminals can take advantage of it.

How can help you with data protection in your company?

Securing AI (Artificial Intelligence) Models

We will check for you whether confidential data (e.g. prices, personal data or know-how) enter the AI models which are used in your company and carry out penetration tests — simulations of adversarial attacks and data poisoning AI attacks. We will take care of protecting AI algorithms from manipulation and data leakage — all in compliance with the OWASP Top 10 standards for AI.

Implementing SSO and 2FA for employees

We will implement two-factor authentication (2FA) and single sign-on (SSO) to your business to eliminate the risk of duplicate passwords. We will configure SSO with SAML2, OAuth2 and OpenID Connect protocols, integrating with popular identity platforms. We will introduce 2FA for businesses with support for TOTP, WebAuthn/PassKeys or hardware keys to ensure secure access to systems.

Business applications with the right security

With us you will build a low-code application and automation according to the principle of privacy by design. Additionally, we can perform system security tests based on OWASP Top 10 Web and Top 10 Mobile. We minimize the risk of attacks and leaks — all within industry standards. Bet on secure application development and deploy software with Sagiton.

Pentests of existing automation systems and applications

With pentests of company systems that simulate real hacking attacks, we will verify that the internal data in your enterprise is safe. Discovering vulnerabilities in applications is just the first step — after testing, we'll tell you what you need to do to keep your company's data safe, and help you implement patches.

Need help with cybersecurity? Book a free consultation with our specialist

Free consultation

Technologies with which we work every day

Hosting and server monitoring — implement safe systems with Sagiton

We provide comprehensive IT support: server hosting, administration and cybersecurity for companies. Thanks to us, your infrastructure works stably, safely and without unnecessary downtime. Find out more about our services!

Hosting and monitoring
programming on a laptop

Case Study

IT Security Audit and BIMStreamer Application Security

bimstreamer logo

BIMStreamer is an application used to manage and distribute BIM files. Building manufacturers use it to store, update and share their BIM model libraries with architects. BIMstreamer streamlines the promotion of building materials, so that manufacturers who use it, easily place their products in architectural projects.

BIMStreamer banner

Issues BIMStreamer has struggled with:

Lack of regular application security audits

Due to the security of company applications, systems should be regularly verified according to the OWASP Top 10 standard. In the case of BIMstreamer, penetration tests were required under conditions that faithfully replicated production. Pentests directly on the production environment would carry the risk of downtime and data loss.

The application did not meet the latest standards

We performed an IT security audit and found that the application needed updating to provide the latest security against attacks. There was a lack of an adequate protection system that could effectively monitor and block unwanted traffic, such as DDoS attacks or the injection of malicious code. Without this type of security, the application was more vulnerable to threats from the network.

A common database for all customers

In the older version of the system, all customer data was stored in a single, common database. This meant that one minor error in the SQL query (e.g. no WHERE filter) could result in sensitive information being transferred between clients. This risk posed a serious threat to data privacy and could lead to a loss of user trust.

Lack of standardization of data backups

The problem was also the policy of backing up data, or rather the lack thereof. Faced with potential cyberattacks that could result in the entire data disk being encrypted, the organization would be exposed to serious losses, including the loss of key information. Such a state of affairs could significantly affect the company's operations and its reputation.

Introduced by us solutions

IT infrastructure audit and pentests

To avoid production downtime, we first recreated the entire environment in complete isolation. Then we conducted penetration tests using the white-box method — we verified not only the system itself, but also its source code, database structure and server configuration. We performed the application pentests according to the OWASP Top 10 standards, and the use of technologies such as BurpSuite, Metasploit and Scapy, allowed us to accurately map the attack vectors.

Segregation of customer databases

We created a new architecture with separate databases per client. Each new tenant receives its own separate database in PostgreSQL — this eliminates the risk of accidental data mixing. In addition, even in the event of a potential security breach, the attacker only has access to the data of one client, not the entire platform. Thanks to this solution, customers can host databases on their own servers.

Deploying a layer to protect the system from cyber attacks

We have implemented Web Application Firewall (WAF) with Cloudflare, which provides protection against various types of attacks. WAF analyzes incoming traffic and blocks unwanted queries, protecting the application from potential threats such as DDoS attacks.

New rules for backing up data

We implemented a new backup policy based on Proxmox, which ensured regular, daily backups of all virtual machines. Backups were stored on completely different environments, which further increased their security. Thanks to this, in the event of a cyber attack, it would be possible to quickly restore the data to the state before the incident.

Benefits of implementation

Pentests of the application made it possible to detect security vulnerabilities sufficiently quickly.

10+ Critical Attack Vectors have been eliminated.

The implementation of WAF has increased protection against potential attacks.

Complete isolation of customer data on separate databases has increased confidentiality and data ownership.

Data encryption has secured the system against DDoS and ransomware incidents.

The backup policy eliminated the risk of a cyber attack related to data encryption.

Programmer in the office

Check compliance with GDPR of your systems

We check compliance with the GDPR in internal processes and applications. We help secure data storage in the EU. Learn more about our GDPR services.

Data Privacy Protection

Our blog articles, from which you will learn how to take care of data privacy in your company

invoice scam

Cybersecurity

How to block scammers? Protect Your Service Company from Fake Invoices

You run a service business and your customers pay their invoices regularly. The processes run smoothly until one day the client reports that he has paid into an account that... does not belong to the company. Invoice fraud? Unfortunately, such situations happen in reality.

Read
programming on a laptop

Automation of the company

The most common mistakes in AI automation

Artificial intelligence (AI) promises to revolutionize business — from implementing process automation to precise forecasting. However, reality often deviates from expectations. Read our article and learn about 5 real examples of the difficulties that organizations face when implementing AI.

Read
laptop programming

Cybersecurity

Cybersecurity in Business Process Automation: How to Protect Data and Stay in Control

Automation systems are becoming an integral part of business processes in many companies. Read the article and learn what to look out for and how to ensure data security in your organization when implementing business process automation.

Read
See all entries

Want to check the security of AI models or apps? Get in touch with us

We perform software security audits and implement required patches so that our customers don't have to worry about threats. Contact us and arrange a free consultation!

Office staff

Attachment (optional)

Thank you for contacting us!

Your message has been successfully sent. We will reply as soon as possible.
Oops! Something went wrong, failed to send the form.

Contact us by email

_process_automation@sagiton.pl

By sending a message to the generated email you declare that you agree to processing of personal data in order to contact you and have familiarized yourself with information clause Sagiton Sp. z o.o.

Oops! Qualcosa ha insegnato il modulo.

Find us

Services

Business Process Automation
E-commerce integrations and automation
Data privacy protection
Revit Plugins Development
Revit Automation Scripts
Automation with AI
AI Consulting and Automation
Implementation of AI Agents
Server Hosting and Monitoring
Automation of bidding
PIM implementation and integrations
Securing applications, automation and AI
Administration automation
Recruitment and HR automation
Automation of financial processes
Sales and customer service automation
Development of mobile applications
Web application development
No-Code/Low-Code Development
Generative Design
3D configurators and visualizations

Industries

Sales and marketing
E-commerce
Manufacturers
Finance and Administration
Construction and architecture

Products

CRM system for salespeople
BIM Content management - BIMStreamer
Revit plugin for BIM libraries

About us

Blog
Our clients
About us
Contact
Recruitment
I hereby consent to the processing of my personal data by the Personal Data Administrator (hereinafter: “ADO”) — Sagiton Sp. z o.o. ul. Legnicka 59/B26, 54-203 Wrocław, in the scope of: name, email address or telephone, for the purposes of selling products and services of Sagiton Sp. z o.o. and for the purpose of sending me feedback and contacting me by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the deletion of my personal data from ADO Sagiton Sp. z o.o., by sending to the e-mail address gdpr@sagiton.pl. or in writing, to the address Sagiton Sp. z o.o., ul. Legnicka 59/B26, 54-203 Wrocław, a statement containing the relevant request, which will result in the deletion of my personal data from the ADO Sagiton database Sp. z o.o.; I have the right to access the content of my data; providing my data is voluntary, although refusal to provide them is tantamount to not receiving them information regarding the sale of products and services of Sagiton Sp. z o.o., as well as with non-receipt of feedback and contact with me by Sagiton Sp. z o.o.
Close
In accordance with Article 13 (1) of the General Data Protection Regulation of 27 April 2016 (GDPR), we inform you that the administrator of your personal data is Sagiton Sp. z o.o. with its registered office at ul. Legnicka 59/B26, 54-203 Wrocław, e-mail: gdpr@sagiton.pl

Your personal data will be processed in the scope of your name, email address and/or telephone number in order to respond to your enquiry/request for contact and provide feedback — on the basis of Art. 6 (1) lit. a GDPR, i.e. consent to the processing of personal data.

The data controller informs that your personal data will not be made available to third parties.

Your data will not be transferred outside the European Economic Area or to international organisations.

Your personal data will be processed until you withdraw your consent to the processing of data and also in the event that the purposes of processing these data cease.

You have the right to access, rectify, delete, restrict processing, transfer and object to your personal data.

If you give your consent, you have the right to withdraw your consent at any time. The exercise of the right to withdraw consent does not affect the processing that took place until the withdrawal of consent.

You have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warszawa.

Providing your personal data is a prerequisite for establishing contact with you by Sagiton Sp. z o.o. with its registered office at ul. Legnicka 59/B26, 54-203 Wrocław. If you do not provide personal data, Sagiton Sp. z o.o., will not be able to contact you.

Data Controller Sagiton Sp. z o.o. informs that it will not use your personal data for automated decision-making, which is based solely on automated processing, including profiling, and has legal effects on you or similarly significantly affects you.
Close
I hereby consent to the processing of my personal data by the Personal Data Administrator (hereinafter: “ADO”) — Sagiton Sp. z o.o. ul. Legnicka 59/B26, 54-203 Wrocław, in the scope of: name, email address or telephone, for marketing purposes, by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the deletion of my personal data from ADO Sagiton Sp. z o.o., by sending to the e-mail address gdpr@sagiton.pl or in writing, to the address Sagiton Sp. z o.o., ul. Legnicka 59/B26, 54-203 Wrocław, a statement containing the relevant request, which will result in the deletion of my personal data from the ADO Sagiton Sp. z o.o.; I have the right to access the content of my data; providing my data is voluntary, although refusal to provide them is tantamount to not receiving them commercial information from Sagiton Sp. z o.o.
Close

Sagiton Sp. z o.o. © 2025

Privacy Policy

I hereby consent to the processing of my personal data by the Personal Data Administrator (hereinafter: “ADO”) — Sagiton Sp. z o.o. ul. Legnicka 59/B26, 54-203 Wrocław, in the scope of: name, email address or telephone, for the purposes of selling products and services of Sagiton Sp. z o.o. and for the purpose of sending me feedback and contacting me by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the deletion of my personal data from ADO Sagiton Sp. z o.o., by sending to the e-mail address gdpr@sagiton.pl. or in writing, to the address Sagiton Sp. z o.o., ul. Legnicka 59/B26, 54-203 Wrocław, a statement containing the relevant request, which will result in the deletion of my personal data from the ADO Sagiton database Sp. z o.o.; I have the right to access the content of my data; providing my data is voluntary, although refusal to provide them is tantamount to not receiving them information regarding the sale of products and services of Sagiton Sp. z o.o., as well as with non-receipt of feedback and contact with me by Sagiton Sp. z o.o.
Close
In accordance with Article 13 (1) of the General Data Protection Regulation of 27 April 2016 (GDPR), we inform you that the administrator of your personal data is Sagiton Sp. z o.o. with its registered office at ul. Legnicka 59/B26, 54-203 Wrocław, e-mail: gdpr@sagiton.pl

Your personal data will be processed in the scope of your name, email address and/or telephone number in order to respond to your enquiry/request for contact and provide feedback — on the basis of Art. 6 (1) lit. a GDPR, i.e. consent to the processing of personal data.

The data controller informs that your personal data will not be made available to third parties.

Your data will not be transferred outside the European Economic Area or to international organisations.

Your personal data will be processed until you withdraw your consent to the processing of data and also in the event that the purposes of processing these data cease.

You have the right to access, rectify, delete, restrict processing, transfer and object to your personal data.

If you give your consent, you have the right to withdraw your consent at any time. The exercise of the right to withdraw consent does not affect the processing that took place until the withdrawal of consent.

You have the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warszawa.

Providing your personal data is a prerequisite for establishing contact with you by Sagiton Sp. z o.o. with its registered office at ul. Legnicka 59/B26, 54-203 Wrocław. If you do not provide personal data, Sagiton Sp. z o.o., will not be able to contact you.

Data Controller Sagiton Sp. z o.o. informs that it will not use your personal data for automated decision-making, which is based solely on automated processing, including profiling, and has legal effects on you or similarly significantly affects you.
Close
I hereby consent to the processing of my personal data by the Personal Data Administrator (hereinafter: “ADO”) — Sagiton Sp. z o.o. ul. Legnicka 59/B26, 54-203 Wrocław, in the scope of: name, email address or telephone, for marketing purposes, by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the deletion of my personal data from ADO Sagiton Sp. z o.o., by sending to the e-mail address gdpr@sagiton.pl or in writing, to the address Sagiton Sp. z o.o., ul. Legnicka 59/B26, 54-203 Wrocław, a statement containing the relevant request, which will result in the deletion of my personal data from the ADO Sagiton Sp. z o.o.; I have the right to access the content of my data; providing my data is voluntary, although refusal to provide them is tantamount to not receiving them commercial information from Sagiton Sp. z o.o.
Close