Confidential | Not for Distribution AppCurity Inc.
The information provided by AppCurity in this PowerPoint presentation is unique to this business and confidential; therefore, anyone viewing this presentation agrees not to disclose it.
www.appcurity.com
AppCurity
APPLICATION SECURITY RISK MANAGEMENT SOLUTIONS FOR DEVOPS
AppCurity – The Evolving Cure for an ever Evolving Threat
Introduction
Our Mission:
“Build awareness and empower development to reduce risk earlier in the lifecycle”
We specialize in building cutting-edge, end-to-end, fully Automated
Application Security Pipelines as part of the Continuous Integration /
Continuous Deployment (CI/CD) process for DevOps, allowing security
organizations to fully support fast-paced, lean, Agile development.
Our Application Security Build Engineers and Developers integrate best-in-breed
security solutions (e.g. IBM Security AppScan Enterprise, HP Fortify,
Veracode) with CI/CD tools such as Jenkins, Bamboo and TFS to
deliver full automation throughout the SDLC at build and during deploys.
Today the Application Layer is the #1 attack vector for hackers. Hackers are targeting millions of insecurely coded applications, leading to daily breaches and compromises of critically sensitive data, costing businesses on average 5 million dollars and roughly 230 dollars per record, and further contributing to the social problem of identity theft.
THE PROBLEMS WE SOLVE:
• Providing a Centralized, Repeatable means to engage InfoSec & AppSec
• Providing Automated reliable Security Testing that scales for fast-paced Agile Development
• Providing Consistent, Real-time Secure Coding Awareness and Training for Developers
• Providing Real-time, Actionable AppSec KPI Metrics for Leadership
AppCurity Team
OUR COMPANY:
AppCurity Inc. is an ASL (Application Specific Licensing) designated, IBM Security Business
Partner specializing in the delivery of critical AppScan - Application Security solutions for
DevOps, which significantly reduce SDLC business risk at the application layer for all business
sectors.
AppCurity Inc. launched in January of 2015. Since 2015, The Company has been delivering
advanced Application Security solutions for DevOps to Fortune 500 clients in the Financial
Services, Card Processing, Retail, E-commerce, Insurance, Health Care and Telecommunications
industries.
OUR TEAM:
*Mr. Michael Sheppard – Sr. AppScan / AppSec SME
(GWAPT, GSSP and CEH)
*Mr. Carl Davis – Sr. AppSec Engineer
(CISSP and CEH)
*Mrs. Nan Chen – Sr. Security Software Developer
(Java)
*Mr. Roman Rounkle – Sr. AppSec Pen Tester / Ethical Hacker
(GPEN, GWAPT, GSSP and CEH)
*Mr. Sherard Howe – Sr. IBM AppScan / HP Fortify SME
(IBM Certified Deployment Professional)
*Mr. Jason Smith – Sr. DevOps Security Build Engineer
(GSSP, Java, Jenkins, Splunk, Stash, Nexus, Maven and TFS)
*Mr. Michael Moore – Sr. Security Software Developer
(.NET / C/C++)
Application Security Solutions for DevOps
5 key continuous application security program capabilities:
• Automated AppSec Engagement with Risk Questionnaire Form
• Secure Assist IDE Plug-in (Secure Code Spell-Checker)
• Static & Dynamic Automated Security Testing pipelines as part of CI/CD for DevOps
• Real-time AppSec KPI Metrics Dashboard
• Application Security Risk Management
Key continuous application security program tools:
• Atlassian Confluence – JIRA integration
• Eclipse, IntelliJ and Visual Studio IDEs
• Jenkins, TFS, Bamboo, TeamCity and more
• Splunk
• IBM Security AppScan Source & Enterprise, HPE Fortify & Web Inspect, Veracode
AppSec Engagement Risk Questionnaire Form
Atlassian Confluence
Automatically Created JIRA Tickets
Atlassian JIRA
Secure Assist IDE Plugin – (Secure Coding Spell-Checker)
1 – Automatically identifies coding errors as code is developed
2 – Issues are linked to the precise line in source
3 – Displays customizable, context-sensitive, secure coding guidance
4 – Displays diagnostic call chain
SAST & DAST Security Testing Automation Pipeline
Jenkins | TFS | Bamboo | TeamCity
Jenkins
AppSec KPI Metrics Dashboard
Splunk ITSI
Service Security Health
Application Security Risk Management
IBM | HPE | Veracode
AppCurity – The Evolving Cure for the ever Evolving Threat
Thank You
www.appcurity.com
APPCURITY
830 Stewart Drive
Suite 260, Sunnyvale, California 94085
Toll: (888) 622-1730
Direct: (408) 912-1727
Website: www.appcurity.com
Michael Sheppard, CEO
Direct (510) [email protected]