Introduction Sebyde BV | Security Testing | Security Awareness | Secure Development
- 2. Who are we?
> SEBYDE (se-bee-de)
– Secure by Design
> IBM Certified Business Partner
> Specialised in:
– Security Assessments
• Application security scans
• Network + Systems
– Security Awareness
• Change of behaviour and motivation
• Security Awareness program
© Sebyde BV
© 2013 Sebyde BV
- 3. Focus of hackers changed
From
Infrastructure
To
Applications
- 4. Reality …
> 60-80% of web applications / websites have at least one weak security point (vulnerability).
> 75% of all hacks are targeted at web applications / websites.
> IBM's X-Force Report, March 2013: 43% of all security issues are caused by web applications.
> 81% of web applications do not comply with the PCI DSS regulation (Payment Card Industry).
> IDC Research: 25% of all companies are "exploited" via a weak spot in their web application security.
> Unaware users are infected with malware by websites.
> Google: more than 2 million search requests per month for "How to hack", "Download hacking tools" and related information.
- 5. Damage
> Theft
– Information
– Privacy sensitive information
– Money
> System failure
– Application not available
– Loss of business
– DDoS
> Repair costs
– Software
– Information
> Reputation
– Customer trust
– News / media
– Costs: ????
– Indirect (ISP)
> Fines
– EU Privacy act
– CBP
- 7. The solution: Secure by Design
> Prevent weaknesses in IT security by taking security aspects into account during the design and programming phase of applications.
> Designers and programmers should assume that applications will be attacked immediately after they are taken into use.
> Software security is an integral part of the development process.
- 8. Test Early
Early testing saves money. 80% of the development costs are spent on solving problems in applications. Solving vulnerability issues in an application that has already been taken into use costs 100 times more than solving them in the development phase.
Cost of fixing a vulnerability, relative to the design phase:
> 1x: Design (Secure by Design)
> 6.5x: Development (static testing)
> 15x: Test phase (acceptance testing)
> 100x: Deployment phase (dynamic testing)
> Production phase (at an incident): loss of customer trust, law suits, reputation damage, repair costs, fines
- 11. 1. Security Scan
> Scan your web application(s) for 1400+ exploits
> We use a specialised tool, IBM Security Appscan®
> We deliver clear reports of the weak security points (vulnerabilities) in the application and advice on how to repair them
> Support during the repair of the source code
> Fast results
> 3 days (Full scan)
> 1 day (Vital Few scan)
> One-time or subscription
- 12. 2. Secure development
> Outsourced Audits
– Sebyde Security Scan
– IBM Security Appscan® OnDemand: SaaS version of IBM Security Appscan®. Meant for organisations that are not able or do not want to build up their own testing expertise. The audit is performed by external experts, either in-house by Sebyde or in the cloud by IBM expert teams.
> In-House Audits
– Development: IBM Security Appscan® Standard. Dynamic Analysis Software Testing (DAST), or black-box testing, of your web application. Can run from a desktop. Used by organisations that want to scan their web applications themselves.
– Integration: IBM Security Appscan® Source. For web and non-web applications. Static Analysis Software Testing (SAST), or white-box testing, to find vulnerabilities in the source code. For example, to extend your QA testing procedures.
– Enterprise: IBM Security Appscan® Enterprise. A multi-user environment where multiple scans take place at the same time. It offers a dashboard and a consolidated reporting environment, and enables organisations to centrally manage their secure coding performance.
- 13. 3. Security Awareness Training
> 2-3 half-day sessions
> Increase security awareness
> Make people aware of the risks and dangers of working with information systems and (confidential) company data.
> Explanation of many security-related facts that can disrupt business processes
> Recognise possible risks
> What to do when an incident occurs
> Stimulates secure behaviour
> Take security aspects into account during the daily activities
- 14. Specialised Security training
Code | Title | Duration
CEH | EC-Council Certified Ethical Hacker | 5 days
CHFI | EC-Council Computer Hacking Forensic Investigator | 5 days
ECSA-LPT | EC-Council Security Analyst & Licensed Penetration Tester | 5 days
ECSP | EC-Council Certified Secure Programmer | 5 days
EDRP | EC-Council Disaster Recovery Professional | 5 days
ENSA | EC-Council Network Security Administrator | 5 days
GK9840 | CISSP Certification Preparation | 5 days
ISO27002F | ISO 27002 Foundation (incl. exam ISFS) | 2 days
ISO27002A | ISO 27002 Advanced (incl. exam ISMAS) | 3 days
These trainings are provided by Global Knowledge.
- 15. 4. Security Assessments
> Quick Assessment
– Company-wide general assessment of ICT security
> Privacy Impact Assessment
– Assessment of the security measures of projects and systems that process personal data (privacy-sensitive data)
> Network Assessment
– Penetration test
– Open ports, leaks and vulnerable software
> System Assessment
– Configuration and settings
– Physical infrastructure, services, software, BIOS, operating system, etc.
- 17. Thanks!
If you have any questions, please do not hesitate to contact us!
Rob Koch (rob.koch@sebyde.nl)
Derk Yntema (derk.yntema@sebyde.nl)