Introduction Sebyde BV | Security Testing | Security Awareness | Secure Development

Published in: Technology

  1. SEBYDE: Short introduction (Secure By Design)
  2. Who are we?
     - SEBYDE (se-bee-de): Secure by Design
     - IBM Certified Business Partner
     - Specialised in:
       - Security Assessments
         - Application security scans
         - Network + Systems
       - Security Awareness
         - Change of behaviour and motivation
         - Security Awareness program

     © 2013 Sebyde BV
  3. Focus of hackers changed: from Infrastructure to Applications
  4. Reality …
     - 60-80% of Web applications / Websites have at least one weak security point (vulnerability).
     - 75% of all hacks are targeted at Web applications / Websites.
     - IBM’s X-Force Report March 2013: 43% of all security issues are caused by Web applications.
     - 81% of the Web applications do not comply with the PCI DSS regulation (Payment Card Industry).
     - IDC Research: 25% of all companies are “exploited” via a weak spot in the Web Application security.
     - Unaware users are infected by websites with “Malware”.
     - Google: >2 million search requests per month for “How to hack”, “Download hacking tools” and related information.
  5. Damage
     - Theft
       - Information
       - Privacy sensitive information
       - Money
     - System failure
       - Application not available
       - Loss of business
       - DDOS
     - Repair costs
       - Software
       - Information
     - Reputation
       - Customer trust
       - News / media
       - Costs: ????
       - Indirect (ISP)
     - Fines
       - EU Privacy act
       - CBP
  6. But still … (chart: Security Spending, % of attacks versus % of budget)
     - Web Applications: 75% of attacks, 10% of budget
     - Network Server Infrastructure: 25% of attacks, 90% of budget
  7. The solution: Secure by Design
     - Prevent weaknesses in the IT security by taking the security aspects into account at the building/programming phase of applications.
     - Designers and programmers should assume that applications will be attacked immediately after they have been taken into use.
     - Software Security is an integral part of the development process.
  8. Test Early
     - Early testing saves money. 80% of the development costs are spent on problem solving of applications.
     - Solving vulnerability issues in an application that has already been taken into use costs 100 times more than solving the issues in the development phase.
     - Relative cost of solving an issue, per phase:
       - 1x: Design (Secure by Design)
       - 6,5x: Development (Static testing)
       - 15x: Test phase (Acceptance testing)
       - 100x: Deployment phase (Dynamic testing)
     - Production phase, at an incident: loss of customer trust, lawsuits, reputation damage, repair costs, fines.
  9. Sebyde Services: Secure By Design
  10. Sebyde Services
     - Security Scan
     - Secure Development (Reseller)
     - Security Awareness
     - Security Assessments
  11. 1. Security Scan
     - Scan your web application(s) for 1400+ exploits
     - We use a specialised tool, IBM Security AppScan®
     - We deliver clear reports of the weak security points (vulnerabilities) in the application and advice on how to repair them
     - Support during the repair of the source code
     - Fast result
     - 3 days (Full scan)
     - 1 day (Vital Few scan)
     - One-time, subscription
  12. 2. Secure development
     - Stages: Outsourced Audits, In-House Audits, Development Integration, Enterprise
     - Offerings: Sebyde Security Scan, IBM Security AppScan® Standard, IBM Security AppScan® Source, IBM Security AppScan® Enterprise
     - Dynamic Analysis Software Testing (DAST) or black-box testing of your web application. Can run from a desktop. Used by organisations that want to scan the web applications themselves.
     - For web and non-web applications. Static Analysis Software Testing (SAST) or white-box testing to find vulnerabilities in the source code. For example, to extend your QA testing procedures.
     - A multi-user environment where multiple scans take place at the same time. It offers a dashboard and consolidated reporting environment. Enables organisations to centrally manage the secure coding performance.
     - IBM Security AppScan® OnDemand: SaaS version of IBM Security AppScan®.
     - Meant for organisations that are not able or do not want to build up their own testing expertise. The audit is performed by external experts, either in-house by Sebyde or in the cloud by IBM expert teams.
  13. 3. Security Awareness Training
     - 2-3 half-day sessions
     - Increase security awareness
     - Make people aware of the risks and dangers of working with information systems and (confidential) company data.
     - Explanation of many security-related facts that can disturb the business processes
     - Recognise possible risks
     - What to do when an incident occurs
     - Stimulates secure behaviour
     - Take security aspects into account during the daily activities
  14. Specialised Security training (code, title, duration)
     - CEH: EC-Council Certified Ethical Hacker, 5 days
     - CHFI: EC-Council Computer Hacking Forensic Investigator, 5 days
     - ECSA-LPT: EC Council Security Analyst & Licensed Penetration Tester, 5 days
     - ECSP: EC-Council Certified Secure Programmer, 5 days
     - EDRP: EC-Council Disaster Recovery Professional, 5 days
     - ENSA: EC-Council Network Security Administrator, 5 days
     - GK9840: CISSP Certification Preparation, 5 days
     - ISO27002F: ISO 27002 Foundation (incl. exam ISFS), 2 days
     - ISO27002A: ISO 27002 Advanced (incl. exam ISMAS), 3 days

     Trainings by Global Knowledge.
  15. 4. Security Assessments
     - Quick Assessment
       - Company-wide general assessment of the ICT Security
     - Privacy Impact Assessment
       - Assessment of security measures at projects and systems that process personal data (privacy sensitive data)
     - Network Assessment
       - Penetration test
       - Open ports, leaks and vulnerable software
     - System Assessment
       - Configuration and settings
       - Physical infrastructure, Services, Software, BIOS, Operating System, etc.
  16. Overview Sebyde services
     - People: Security Awareness (Management, Employee, Developers)
     - Sebyde Secure by Design
     - Process: Security assessment, Secure Development, Software testing
     - Technique: Software services
  17. Thanks! If you have any questions, please do not hesitate to contact us! Rob Koch (rob.koch@sebyde.nl), Derk Yntema (derk.yntema@sebyde.nl)
