
Confidential | Not for Distribution AppCurity Inc.

The information provided by AppCurity in this PowerPoint presentation is unique to this business and confidential; therefore, anyone viewing this presentation agrees not to disclose.

www.appcurity.com

AppCurity

APPLICATION SECURITY RISK MANAGEMENT SOLUTIONS FOR DEVOPS

AppCurity – The Evolving Cure for an ever Evolving Threat


Introduction

Our Mission:

“Build awareness and empower development to reduce risk earlier in the lifecycle”

We specialize in building cutting-edge, end-to-end, fully automated Application Security Pipelines as part of the Continuous Integration / Continuous Deployment (CI/CD) process for DevOps, allowing security organizations to fully support fast-paced, lean, Agile development.

Our Application Security Build Engineers and Developers integrate best-in-breed security solutions (e.g. IBM Security AppScan Enterprise, HP Fortify, Veracode) with CI/CD tools such as Jenkins, Bamboo and TFS to deliver full automation throughout the SDLC at build time and during deploys.


Today the Application Layer is the #1 attack vector for hackers. Hackers are targeting millions of insecurely coded applications, leading to daily breaches and compromises of critically sensitive data, costing businesses on average 5 million dollars and roughly 230 dollars per record, and further contributing to the social problem of Identity Theft.

THE PROBLEMS WE SOLVE:

• Providing a Centralized, Repeatable means to engage InfoSec & AppSec

• Providing Automated reliable Security Testing that scales for fast-paced Agile Development

• Providing Consistent, Real-time Secure Coding Awareness and Training for Developers

• Providing Real-time, Actionable AppSec KPI Metrics for Leadership


AppCurity Team

OUR COMPANY:

AppCurity Inc. is an ASL (Application Specific Licensing) designated IBM Security Business Partner specializing in the delivery of critical AppScan Application Security solutions for DevOps, which significantly reduce SDLC business risk at the application layer for all business sectors.

AppCurity Inc. launched in January of 2015. Since 2015, the Company has been delivering advanced Application Security solutions for DevOps to Fortune 500 clients in the Financial Services, Card Processing, Retail, E-commerce, Insurance, Health Care and Telecommunications industries.

OUR TEAM:

• Mr. Michael Sheppard – Sr. AppScan / AppSec SME (GWAPT, GSSP and CEH)

• Mr. Carl Davis – Sr. AppSec Engineer (CISSP and CEH)

• Mrs. Nan Chen – Sr. Security Software Developer (Java)

• Mr. Roman Rounkle – Sr. AppSec Pen Tester / Ethical Hacker (GPEN, GWAPT, GSSP and CEH)

• Mr. Sherard Howe – Sr. IBM AppScan / HP Fortify SME (IBM Certified Deployment Professional)

• Mr. Jason Smith – Sr. DevOps Security Build Engineer (GSSP, Java, Jenkins, Splunk, Stash, Nexus, Maven and TFS)

• Mr. Michael Moore – Sr. Security Software Developer (.NET / C/C++)


Application Security Solutions for DevOps

5 key continuous application security program capabilities:

• Automated AppSec Engagement with Risk Questionnaire Form

• Secure Assist IDE Plug-in (Secure Code Spell-Checker)

• Static & Dynamic Automated Security Testing pipelines as part of CI/CD for DevOps

• Real-time AppSec KPI Metrics Dashboard

• Application Security Risk Management

Key continuous application security program tools:

• Atlassian Confluence – JIRA integration

• Eclipse, IntelliJ and Visual Studio IDEs

• Jenkins, TFS, Bamboo, TeamCity and more

• Splunk

• IBM Security AppScan Source & Enterprise, HPE Fortify & Web Inspect, Veracode


Risk Form Sneak Peek


AppSec Engagement Risk Questionnaire Form

Atlassian Confluence


JIRA Ticket Creator Plug-in

Atlassian JIRA


Automatically Created JIRA Tickets

Atlassian JIRA


Secure Assist Sneak Peek


Secure Assist IDE Plugin – (Secure Coding Spell-Checker)

1 – Automatically identifies coding errors as code is developed

2 – Issues are linked to the precise line in source

3 – Displays customizable, context-sensitive, secure coding guidance

4 – Displays diagnostic call chain


AppSec Pipeline Sneak Peek


SAST & DAST Security Testing Automation Pipeline

Jenkins | TFS | Bamboo | TeamCity

Jenkins


Metrics Sneak Peek


AppSec KPI Metrics Dashboard

Splunk ITSI

Service Security Health


AppSec Risk Mgmt Sneak Peek


Application Security Risk Management

IBM | HPE | Veracode

AppCurity – The Evolving Cure for the ever Evolving Threat

Thank You

www.appcurity.com

APPCURITY
830 Stewart Drive
Suite 260, Sunnyvale, California 94085
Toll: (888) 622-1730
Direct: (408) 912-1727
Website: www.appcurity.com

Michael Sheppard, CEO
Direct: (510) [email protected]