Application Security


Security for developers, by developers

We’re good at this

We have a strong software development background, particularly in developing web-based business-critical applications for financial institutions. We built, operate, and continue to maintain an e-commerce payment solution where we are able to "practice what we preach" about application security. We also have extensive experience in designing mobile security solutions that make effective use of the various channels and security opportunities presented by modern mobile devices. 

Our experience in information security extends beyond application security – we have developed information security management systems (policies & procedures), assisted clients with ISAE3402 assurance audits, designed PKI systems (incl. key ceremony facilitation, CP/CPS development) and helped clients develop information technology strategies in areas other than security. Today we use this experience to support our application security-focussed offerings.

Over the past eight years, we’ve helped dozens of companies, large and small, secure their applications and related infrastructure. We look forward to helping you.

Get in touch

Talk to us about your application security requirements. Every business is unique so we offer free consultations to walk you through your needs, the scope of your goals, and your budget.


We’re on a mission

Companies everywhere have built up enormous security debt in their software applications. The evidence of this is in the papers every day – by far the majority of security breaches today are in software applications. Users depend on your software for vital services and they deserve better. Our industry needs to clean up its act and we aim to help. 

Security is too important to be left to security people.
It has to be handled by developers.
— Gunnar Peterson


Principal advisors



Paul van Woudenberg

After graduating as an Electronic Engineer, Paul moved into software development as a business analyst and architect in the late nineties. He acquired a taste for information security on an early web security project when he was part of the team that developed a large SA insurer's first web application security framework. It was on this project that he met Theo, with whom he later founded ThinkSmart. Paul has diverse skills in information security, from writing policies à la ISO27001 to designing transaction authentication processes. Paul is at his happiest professionally when bridging the gap between business and technology.



Stellenbosch University
M. Eng (Electronic), 1993

Activities & Affiliations

OWASP fan and member




Theo van Niekerk

Theo is a seasoned software developer with a strong focus on security. He started programming on an Apple ][+ when he was 12 years old. At university his hacker-like curiosity sometimes got him into trouble with the Unix account admins. In the late nineties Theo was part of an R&D team exploring new web technologies at a large SA insurer, where his security skills started paying the bills. It's here that he met Paul, with whom he later founded ThinkSmart. At ThinkSmart, Theo helps clients build secure systems from the inside out by applying OWASP tools, leading code audits, performing security testing and generally providing application security thought leadership.



Stellenbosch University
B. Econ, 1991

Activities & Affiliations

OWASP contributor and member