2. Agenda
When clients need security
Price of a security breach
Security as competitive advantage
Services and who needs them
Your imaginary
Really Fun STORIES
Why should you sell it
Leading questions to qualify an opportunity
Success Stories
7. When do clients need Security?
1. They (or their competitors) were hacked in the past or recently
2. Fear of future breaches
3. Regulatory/Compliance (PCI DSS, SOC, HIPAA, FedRAMP, SOX, ISO 27001, HITRUST) – we do!
4. The client requires proof that the application is secure to use and that someone has actually checked it
5. Intellectual property needs protection
6. Significant reputational or financial risks
7. Merger, Acquisition or IPO event (Verizon-Yahoo case, Diplomat-TNH)
12. WHY your clients NEED Security
Industry compliance
Government regulation
Business availability
Capitalization
Statistics of breaches
Customer requirement
Previous bad experience
13. Consequences of Security FAILURE
Trust
Money
Data stolen
Time to recover
Penalties for the incident
Customers
Reputation
16. How is security integrated into development NOW?
3rd party or internal audit
Ton of security defects
Then the process of re-Coding, re-Building, re-Testing, re-Auditing starts
BACK to re-Coding, re-Building, re-Testing, re-Auditing
17. Security in Software Development
Developer: has to deliver high-quality code. Implements functionality.
QA: has to assure that developers do not make mistakes. Focused on functionality.
Security: has to assure that the app can't be hacked or misused. Focused on non-functional elements.
?
Security Consulting Group experts on a project
Control Functionality Implementation
Control Security Implementation
24. QA Engineer VS. Security expert
In functional and performance testing, the expected results are documented before the test begins, and the quality assurance team looks at how well the expected results match the actual results.
In security testing, the security analyst team is concerned only with unexpected results, testing for the unknown and looking for weaknesses. They are EXPERTS.
25. How it should be
With a proper Security Program, the number of security defects should decrease from phase to phase.
Automated security tests, CI integrated
Manual security/penetration testing (OWASP methodology)
Secure coding trainings
Regular vulnerability scans
Goals:
Minimize the costs of security-related issues
Avoid repetitive security issues
Avoid an inconsistent level of security
Determine activities that pay back faster during the current state of the project
27. Our app code needs to be verified for Security
Scenario 1. PM worried about security on the project.
PM: Request app verification
Security Group: Code micro-assessment
• Manual Code Review
• Penetration Testing
• Scan sources with Tools
• Filtering False Positives
• Compile report
• Review architecture
• Dynamic test
• Rate risks
Reporting for 2 security experts
Report with findings
Non compliant? Fix it! / Good boys!
PM:
• Explain security defect and severity
• Fix identified security defects
• Train developers and QA
• Transfer checklists and guides
Re-check
Monitor
Great Achievement
PM & company: Demonstrate excellence, Competitive advantage
Delivery Director/PM
Next page: How to present to client and earn more $$$?
28. Panel 1: "Oh Rashid, we have found some security issues with your legacy code." – "Who wrote it?"
Panel 2: "Indian team. Our security experts can perform a comprehensive Security Assessment, and then our dev team will fix identified defects, as it puts other projects at risk."
Panel 3: "Ok, do it. How much should it cost?" – "Only $XX.XXX for Security Assessment."
Panel 4: "Deal! Do it ASAP."
29. Differentiation on Enterprise scale projects!
Client question: How do you guarantee our security?
Three identical offers (one of them is YOU): Product Development, $365K/month, 50+ .NET developers, QA, BA, PM, UX
YOU – Differentiation: We will deliver a secure and compliant app
31. What Security Services are offered by UD and who needs them?
Title (who) – Need (what)
VP of Engineering, CTO – Compliance, Secure SDLC, Code security, Application Scanning, Penetration Testing
Head of IT, CIO/CISO – Managed Security Services, Security Program Strategy, Compliance, Incident Response, Vulnerability management
Head of QA – Application Security Assessment, App Certification
Security Department Lead – Manual Penetration Testing
Product Manager – Security Requirements, Security Architecture, IP protection
32. Why should you be interested in it?
1. It can be your step into an organization. You can start with security and then do software development, DevOps, Big Data etc.
2. It can differentiate our standard development offering
3. It provides more value to an existing client
4. It increases the client's trust and raises our position as a trusted partner.