
DATA DEFENSE

Embedded Application Security (EASy)

Application security is hard. It’s hard to find security experts for your team, and once you get them it’s hard to keep them.
There are so many commercial and open source tools available, how do you choose which one(s) to use? When you do decide,
how do you configure them, schedule them, and run them? When they run they produce hundreds, even thousands of results
with SO MANY false positives. How are you supposed to find the true vulnerabilities within that noise and get them quickly in
front of your development team? How do you fix those vulnerabilities? Why do you always have to go to an external tool
outside of your team's normal workflow? Do these problems sound familiar?

Welcome to EASy (Embedded Application Security y-word). Yes, that’s “y-word”. We like to have fun too! We not only have the
experts, we ARE the experts in application security. Our entire team has development experience; we know software and
applications. And we really like security. We routinely train people and teams around the world in application security, and can
bring our expertise to YOUR team.

With EASy, we are virtually embedded into your team. We augment your development and security teams by:

▼ Configuring and running the tools
▼ Analyzing all of the results and eliminating the false positives
▼ Inserting true positives from all sources into your issue tracking systems (Azure, JIRA, GitHub, Zendesk)
▼ Integrating into CI/CD and DevSecOps processes
▼ Policy compliance
▼ Bringing the tool licenses so the price you see is the price you pay

To put it simply, we put actionable results, quickly, directly in front of your devs using your normal Secure SDLC process.

Have our experts be your appsec experts on your team. Let us scan your applications on a regular basis,
either scheduled or as part of your CI/CD or DevOps build. Give your developers the power to fix
security vulnerabilities when they are committed, not weeks or months later during a
penetration test, when it’s too late to take action. Easily manage vulnerabilities in your
applications with custom tags and filtering in your issue tracking system. As issues are
resolved and are removed from the scans, they get automatically dispositioned in
your issue tracking system.

We seek to assist our clients with “right-sizing” their security programs. It's this pragmatic risk-based approach that allows our clients to succeed with their security efforts.

subject matter experts

Cypress Data Defense is headquartered in Denver, Colorado. Our consultants work remotely, and are available for onsite travel
for our national and international customers. We have a team of security consultants that live across the United States and
come from various industries to provide a wide range of cyber security expertise that can be targeted/dedicated to client
projects. We make sure to match the right resource based upon industry and expertise to client projects to ensure client
deadlines and business objectives are fully recognized. Our founding partners, Steve Kosten and Aaron Cure, each bring their
own background and expertise to the firm.

Steve Kosten

A Principal Security Consultant at Cypress Data Defense and an instructor for the SANS DEV541 Secure Coding in Java/JEE: Developing Defensible Applications course.

He's previously performed security work in the defense and financial sectors and led the security department for a financial services firm.

At Cypress, Steve performs secure code review assessments, vulnerability assessment, penetration testing, and risk management reviews. He is also an Open Web Application Security Project (OWASP) Denver chapter board member and former chapter leader, and presents security talks at various conferences.

Steve holds a Bachelor of Science in Aerospace Engineering from the Pennsylvania State University and a Master of Science in Information Security from James Madison University.

He currently maintains GSSP-JAVA, GWAPT, CISSP, and CISM certifications.

Aaron Cure

A Principal Security Consultant at Cypress Data Defense, and an instructor and contributing author for the CDD Introduction to Internet Security in .NET course. He currently performs secure code review assessments, vulnerability assessment, penetration testing, and risk management reviews.

After ten years in the U.S. Army as a Russian Linguist and a Satellite Repair Technician, he worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant.

Other experience includes developing security tools, secure code review, vulnerability assessment, penetration testing, risk assessment, static source code analysis, and security research.

Aaron holds the GIAC GPEN, GSSP-.NET, GWAPT, GMOB, and CISSP certifications and is located in Arvada, CO.

CYPRESS DATA DEFENSE
our background

Our mission at Cypress Data Defense is to help our clients build secure applications by providing training, introducing
best practices, and evaluating security during every stage of the Secure Application Development Lifecycle. We offer a
complete range of services related to this goal. We offer training in all aspects of cybersecurity including secure
software development, industry best practices, and risk identification and management.

One of our primary functions is to help organizations assess and mitigate risk with existing software. Whether we are
involved before a project begins or any point in the lifecycle, we work with our clients to identify risks and develop
secure environments and processes to mitigate these risks.

Our security engineers average more than 15 years of development and security experience in various industries
including e-commerce, government, banking, telecom, and engineering. They are seasoned professionals who understand
the requirements of business and are able to recommend solutions that are both sound business and secure
practices.

We are frequently invited to speak at events such as AppSec USA, Java ONE, OWASP, SANS, and other conferences.
Our engineers also routinely present to development and testing groups in their local communities. Many of us are also
SANS instructors, and present at various conferences and private training sessions throughout the world.

Industries we serve

▼ Financial & Banking
▼ Healthcare
▼ Insurance
▼ Education
▼ Manufacturing
▼ Retail
▼ Government
▼ Telecommunications
▼ Engineering

certifications we have

▼ Certified Information Systems Security Professional
▼ GIAC Web Application Penetration Tester
▼ GIAC Secure Software Programmer .NET
▼ GIAC Secure Software Programmer Java
▼ Certified Information Security Management
▼ GIAC Mobile Device Security Analyst
▼ GIAC Penetration Tester
▼ Offensive Security Certified Professional
