Professional Services Overview


Professional Services Overview
Internet of Things (IoT) Security Assessment and Advisory Services
IOT | APPLICATION | MOBILE | CLOUD | NETWORK

Company Overview

HISTORY
Founded in 2010
Headquartered in Austin, TX
Self-funded
Profitable since inception

ATTRIBUTES
Superior technical prowess
Comprehensive reporting
Trusted business acumen
Time-tested methodologies

PROPOSITION
Praetorian provides end-to-end Internet of Things (IoT) penetration testing and security assessment services that help organizations successfully balance risk with time-to-market pressures.

FOCUSED ON FORTUNE 1,000 & VENTURE-BACKED STARTUPS
Industries: Healthcare, Technology, Energy, Finance, Manufacturing, Automotive

Internet of Things (IoT) Security Assessments, from Chip to Cloud

Gain confidence that your Internet of Things (IoT) devices and data are secure.

Praetorian provides end-to-end Internet of Things (IoT) penetration testing and security assessment services that help organizations successfully balance risk with time-to-market pressures. Our solutions provide coverage across technological domains, including embedded devices, firmware, wireless communication protocols, web and mobile applications, cloud services and APIs, and back-end network infrastructure.

INTERNET OF THINGS END-TO-END SECURITY

EMBEDDED DEVICES: Identify physical and logical security threats to the embedded systems in the IoT product ecosystem.
DEVICE FIRMWARE: We help ensure hardware and chip makers have sufficiently addressed IoT firmware insecurities.
WIRELESS PROTOCOLS: Validate the security and configuration of wireless communication such as ZigBee, 6LoWPAN, and BLE.
APPLICATIONS: We actively analyze web and mobile applications for any weaknesses, technical flaws, or vulnerabilities.
CLOUD SERVICES: It is critical that cloud services and APIs be tested to determine whether they can be abused by attackers.
INFRASTRUCTURE: Is the back-end network infrastructure that supports your Internet of Things product ecosystem secure?

Service areas: IOT | WEB | MOBILE | CLOUD | NETWORK | ICS
PROFESSIONAL SECURITY EVALUATIONS: Penetration Testing, Run-time Analysis, Reverse Engineering, Binary Analysis, Code Reviews, Threat Modeling, Device Testing, Static Analysis, Design Analysis, Hardware Analysis
Guided by OWASP Application Security Verification Standard (ASVS)
GET STARTED: (800) 675-5152 | info@praetorian.com | www.praetorian.com

Professional Security Assessment Services Overview

Service areas: IOT | WEB | MOBILE | CLOUD | NETWORK | ICS

PROFESSIONAL SECURITY EVALUATIONS
Penetration Testing
Reverse Engineering
Code Reviews
Threat Modeling
Device Testing
Run-time Analysis
Binary Analysis
Static Analysis
Design Analysis
Hardware Analysis

Based on IEEE Computer Society estimates

OWASP Application Security Verification Standard (ASVS)

Praetorian follows the OWASP ASVS standard, which normalizes the range in coverage and level of rigor applied to each application.

LEVEL 0 (Cursory): an optional certification, indicating that the application has passed some type of verification.
LEVEL 1 (Opportunistic): certified applications adequately defend against security vulnerabilities that are easy to discover.
LEVEL 2 (Standard): verified applications adequately defend against prevalent security vulnerabilities whose existence poses moderate-to-serious risk.
LEVEL 3 (Advanced): certified applications adequately defend against advanced security vulnerabilities, and demonstrate principles of good security design.

OWASP Application Security Verification Standard (ASVS)

Praetorian follows the OWASP ASVS standard, which normalizes the range in coverage and level of rigor applied to each application. OWASP ASVS defines the following security requirement areas:

Authentication
Session Management
Access Control
Malicious Input Handling
Cryptography at Rest
Error Handling and Logging
Data Protection
Communications Security
HTTP Security
Malicious Controls
Business Logic
File and Resource
Mobile
Embedded Devices (NEW)

OWASP ASVS for Internet of Things (IoT) Testing Coverage Matrix

To help product teams address emerging security challenges, Praetorian has created research-driven evaluation methodologies that incorporate guidance from the OWASP Application Security Verification Standard (ASVS), which normalizes the range in coverage and level of rigor applied to each application. With its 3 levels of testing rigor, 17 security control categories, and 211 defined test cases, this approach allows our team to meet your unique testing and budget goals by offering tiered pricing based on the comprehensiveness of the security review.

Test cases in scope per ASVS level (covered / total):

Security Control Group                    Level 1: Opportunistic   Level 2: Standard   Level 3: Advanced
Architecture, Design, Threat Modeling     1 / 11                   8 / 11              11 / 11
Authentication Controls                   17 / 26                  24 / 26             26 / 26
Session Management Controls               11 / 13                  13 / 13             13 / 13
Access Control                            7 / 12                   11 / 12             12 / 12
Malicious Input Handling                  10 / 21                  20 / 21             21 / 21
Cryptography at Rest Controls             2 / 10                   7 / 10              10 / 10
Error Handling & Logging Controls         3 / 13                   9 / 13              13 / 13
Data Protection Controls                  4 / 11                   8 / 11              11 / 11
Communications Security Controls          7 / 13                   9 / 13              13 / 13
HTTP Security Controls                    6 / 8                    8 / 8               8 / 8
Malicious Controls                        0 / 2                    0 / 2               2 / 2
Business Logic Controls                   0 / 2                    2 / 2               2 / 2
Files and Resources Controls              7 / 9                    9 / 9               9 / 9
Mobile Controls                           7 / 11                   10 / 11             11 / 11
Web Services Controls                     7 / 10                   10 / 10             10 / 10
Configuration Controls                    1 / 10                   5 / 10              10 / 10
Embedded Device Controls (NEW)            10 / 29                  20 / 29             29 / 29

Coverage Key: Excellent / Good / Fair / Inadequate
OWASP ASVS defines specific test cases that are in scope for each ASVS Level.

The Diana Platform: Continuous Security Unified Through Software

Extends security evaluations that represent a single snapshot in time with Diana's subscription model, which offers continuous security analysis.

Using multiple analysis methods to identify new vulnerabilities introduced by incremental code movement, Diana is designed to provide on-going, comprehensive, and efficient security coverage.

The Diana Platform enables you to:
Track vulnerabilities to closure, from identification to remediation
Benchmark your results over time and across your application portfolio
Integrate with 3rd-party bug tracking software and your CI/CD pipeline (EXPORT: Bug Tracking)

Gain confidence that your Internet of Things devices and data are secure.
We help product teams focus on innovation by helping solve their complex security challenges.

Learn more about our approach and expertise: https://www.praetorian.com/expertise/internet-of-things

EXCELLENCE IN SERVICE
Find out why 97% of our clients are highly likely to recommend Praetorian.
Based on all-time Net Promoter Score (NPS) of 86

We Are the Security Experts Solving Your Cybersecurity Problems
IOT | APPLICATION | MOBILE | CLOUD | NETWORK