Securely Built offers several security services to help bring security to your organization.
Download our latest education catalog
Security Education Services
Securely Built can provide an education to development teams as well as more general education for a non-technical audience. The education can be tailored for the level of expertise of the development team as well as the topic ranging from threat modeling, secure design concepts, secure code reviews, vulnerability testing and more.
Securely Built has a designed a curriculum that provides developers concepts around secure software development including:
Securely Built can also tailor your education needs by customizing the training to target your specific business.
- Confidentiality, Integrity, Availability
- Introduction to the OWASP Top 10
- Encryption best practices
- Identity and Access Management (IAM)
- Threat Modeling and Risk Rating
- Using security testing tools in the SDLC
For the non-technical audience education can include current security topics, how to protect yourself on the internet, how to prevent phishing, how to spot an attack and more. The education is designed to be for audiences of all technical levels and can be used to meet general security awareness training compliance. This training includes the following:
- Anatomy of a Cyber-Attack
- Data Security & Privacy
- Privileged Access & Least privilege
- Phishing & Social Engineering attacks
Have Securely Built come give a talk at your next conference or an on-premise talk at your company location. Talks can be tailored to your industry and subject matter. In each talk, Securely Built relies on years of real-world experience in engineering and security to present you with the industries current challenges around security as well as the best practices to be better prepared to handle these challenges.
Secure SDLC (Software Development Life-Cycle) Services
Building a Secure SDLC Program
Defining a Secure SDLC can be a daunting task. With the various models and frameworks that are available it can difficult to understand which ones can work in your environment. Securely Built has experience in developing a Secure SDLC program using industry standards and well-known process and frameworks. By reviewing your current development practices and pipelines, Securely Built will provide guidance on ensuring that your development team has created a more secure posture.
Starting with the design phase through deployment Securely Built will help with the creation of secure development requirements, a maturity model that fits your organization, security testing and developing an operating model that maintains security throughout the development pipeline and supply chain.
Securely Built can help your business build a maturity model that provides you with a path to more secure development. With a maturity model, you will be equipped with the means to measure your current security posture and determine the best path forward to increase your security.
Threat modeling can be achieved in two ways. The first and arguably the best method is to gather with the development team and diagram the architecture. During this activity the various components of the application will be identified including external connections. Threats and risk will be identified using the threat classification model STRIDE.
An alternative method to threat modeling is the use of a tool like Microsoft Threat Modeling Tool that can be used to diagram your architecture and create a list of potential threats following the threat classification model STRIDE.
In either case, Securely Built can assist with the creation of the threat model, identification of the threats, recommendation on the remediations and possible courses of action.
Scanning of the code and application can occur at several stages and can include multiple tools working in concert to provide a complete picture of the software vulnerabilities. There are many tools that can be used. They can be open source tools that provide some visibility into the possible vulnerabilities, as well as commercial tools that can provide more robust output. Securely Built can aid in choosing which tools are appropriate for a given application and how to configure them and return meaningful metrics.