
Denim Group Company Background

Denim Group, an IT consultancy specializing in custom software development, systems integration and application security, serves a national and international client base of Fortune 500, commercial and public sector organizations. Specific industry experience includes financial services, banking, insurance, healthcare and defense. Denim Group also has strong competencies working with other industries including education, entertainment, retail and online commerce, construction, energy, high tech, and marketing/creative.

Sheridan Chambers and Dan Cornell founded Denim Group in 2001. John Dickson joined Denim Group as a third partner in 2004. The Company has been completely self-financed and profitable since its inception.

With over forty years of experience in large-scale software development projects and information security, the principals are recognized experts in their fields. They have been quoted in industry publications, speak regularly for regional and national industry organizations and have presented at national industry conferences. They founded the San Antonio chapter of the Open Web Application Security Project (OWASP) and hold leadership positions in organizations including the Technology Advocates of San Antonio (TASA) and the San Antonio Technology Accelerator Initiative (SATAI).

The San Antonio Business Journal recognized Denim Group as the Fastest Growing Company in San Antonio in 2006 and as one of the Best Places to Work in 2007.

At A Glance

- Headquarters: San Antonio, TX
- Company type: Private, Partnership
- Target Markets: Financial, Healthcare, Insurance, Defense, Education, Entertainment, Retail and Online Commerce, Construction, Energy, High Tech, and Marketing/creative
- Number of Employees: 35+

© 2007 Denim Group, Ltd. All Rights Reserved.

Secure Development for a Changing Market

With legislation such as California's SB-1386 and high-profile data security breaches, the protection of customer data has come to the forefront of many organizations' priorities. For the better part of the last decade, information security professionals have been locking down enterprise computing environments by securing infrastructure components: firewalls, routers, servers and operating systems. An entirely new set of security challenges has arisen with the demand for putting customer information online, many times via in-house developed applications and databases.

Application-level security is a growing area of focus in both the application development and information security fields. Moving beyond the infrastructure focus of traditional information security practices, application-level security involves auditing the code and databases used in custom-developed applications. Developers must ensure that this code and these databases behave as expected and provide appropriate controls so that applications continue to function and are safe from disclosing or altering customer information in an unauthorized manner.

Denim Group's core expertise includes medium- and large-scale custom software development projects involving sophisticated programming solutions such as e-commerce, customer relationship management and portal development. In addition, Denim Group's developers are trained and experienced security consultants. Their working knowledge of the threats and countermeasures encountered in the application security arena, as well as development strategies that fit into the software development lifecycle, provide the level of expertise needed to develop, assess and remediate application source code.

Key Customer Benefits

Fortune 500, commercial and public sector organizations using Denim Group expect:

- Secure application development by software engineers who are trained on the latest secure coding techniques and methodologies.
- Knowledge transfer for their internal developers, project managers, auditors and security professionals.
- Expertise and input from thought leaders regarding the most current industry trends.

Services

BUILD - Custom Software Development

Denim Group has broad and deep experience building custom software systems to meet unique business needs through specialized technology systems. Denim Group's unparalleled architecture and design experience coupled with strong project management and focus on results helps clients get the systems they need on time and on budget.

Java / J2EE

Denim Group has extensive experience developing Java-based enterprise solutions using J2EE standards and industry-leading application servers. From BEA WebLogic, IBM WebSphere and ATG Dynamo to a variety of open source platforms such as Tomcat and JBoss, Denim Group's J2EE systems are created with platform independence and scalability in mind. Other tools and frameworks such as Struts, JUnit and Ant help to speed development and ensure first-class deliverables.

Microsoft .NET

With the introduction of the .NET family of technologies, the Microsoft platform is now ready for full-scale enterprise systems. Denim Group has deep experience building .NET-based solutions using C# and VB.NET as well as developing solutions with the .NET line of server products such as Microsoft SQL Server and Microsoft Commerce Server 2002. Utilizing .NET development best practices and a library of in-house reusable components, Denim Group builds high-performance applications for Microsoft-based infrastructures. Denim Group is a Microsoft Gold Certified Partner with qualifications in three areas of competency.

Linux, MySQL, Perl/PHP (LAMP)

Denim Group has a long history of leveraging open source technologies to provide clients with high-quality, low-cost software solutions. Using open source databases such as MySQL and PostgreSQL and scripting languages such as Perl and PHP allows Denim Group to execute on smaller projects in a cost-effective manner, as well as to build large-scale systems for less where software licensing fees might overly encumber the project's budget.

INTEGRATE - Systems Integration

Modern enterprises face the challenge of customizing and integrating a variety of applications to support their business processes. While it often makes sense to implement off-the-shelf solutions in order to save money and deployment time, many organizations will be required to customize their package deployments to fit their specific needs.

Denim Group integrates a wide variety of applications ranging from legacy systems to high-performance e-commerce sites and develops custom applications to pick up where the off-the-shelf software leaves off. Denim Group's expertise in application security is an added benefit to organizations with sensitive data and involved security requirements.

Integration Solutions

- Portals
  - MOSS SharePoint Server 2007
  - Other technologies including Jakarta Jetspeed and JBoss Portal Server
- Web Service
- Biz Intel
  - SQLRS
  - Crystal Reports

Common Integration Scenarios

- E-commerce Solutions
- ERP
- CRM
- Legacy / Mainframe

Denim Group is a Microsoft Gold Certified Partner with the Information Worker Solutions Competency and the Data Management Solutions Competency.

SECURE - Application Security

Due to changes in the regulatory environment, the protection of customer data has come to the forefront of many organizations' priorities, and businesses now expose more mission-critical back-end systems to the web than ever before. Denim Group offers application security services to address these operational concerns and assist its clients in building more secure software.

Assessment

Web application assessments by Denim Group will tell you where your applications are vulnerable to exploitation from external attackers or internal threats. Using both commercial and proprietary tools, Denim Group tests applications to determine if design or development flaws have created weak links in the security chain. These assessments examine the entire distributed application and look for weaknesses across all tiers: presentation, application, database, and legacy.

Remediation

Where other firms generate reports showing low, medium and high rankings, our development team advises on weighing risks alongside the level of effort required for remediation. Unlike other security-centric firms, Denim Group's seasoned development team can also fix software vulnerabilities that may exist in its customers' applications.

Training

Another strategy for increasing the security in your application development process is security-focused training for your development team. Denim Group provides a mixture of application security concepts and hands-on development training targeted at those building, testing, and managing custom software. Taught by developers, these classes provide a working knowledge of the threats and countermeasures encountered in the application security arena, as well as development strategies that fit into the software development life cycle and that your development team can implement immediately after completion.

Application Security Mentor Program

In addition to assessing the security state of existing applications, organizations attempting to implement secure development practices can bring in expert resources to accelerate the process. Denim Group's security-savvy developers provide security architecture, design, coding and quality assurance expertise so that your organization can deliver secure code on a repeatable basis to internal and external customers. In addition, Denim Group partners with your development team to lead efforts to create secure code and to provide knowledge transfer on secure application development principles.

Audit Support

Denim Group works with internal audit teams as a technical liaison to help perform assessments, interpret results and quantify risks that applications present to the control environment. Denim Group interprets technical results and maps those to specific audit objectives. Denim Group assists with a variety of audit standards, including: Payment Card Industry (PCI), Sarbanes-Oxley (SOX), ISO 17799, ISO 27001 and SAS 70.

Tools

Denim Group recommends security assessment tools to best suit your organization's needs. Our consultants use a variety of security assessment tools on a regular basis in a number of varied environments, and we have relationships with several market-leading vendors. Denim Group can advise on a number of commercial off-the-shelf and open source products available on the market.

Organizations

- Open Web Application Security Project (OWASP) San Antonio Chapter - Founding members
- San Antonio Technology Accelerator Initiative (SATAI) - Founding members
- Java Users Group of San Antonio (JUGSA) - Founding members
- Technology Advocates of San Antonio (TASA) - Founding members
- North San Antonio Chamber of Commerce - John Dickson, 2008 Chair-Elect
- Computer Security Institute (CSI)
- Trinity University Business Affiliates

Company History

Sheridan Chambers and Dan Cornell founded Denim Group in 2001. John Dickson joined Denim Group as a third partner in 2004. The Company has been completely self-financed and profitable since its inception.

Company Milestones:

2007

- John Dickson, principal of Denim Group, named the 2008 Chair Elect for the North San Antonio Chamber of Commerce
- March: Denim Group partners with Watchfire Corporation to present Hacking 101 Workshop led by John Dickson
- March: Dan Cornell speaks at AJAXWorld Conference and Expo
- May: Dan Cornell, principal of Denim Group, speaks at Unatek's 2007 Web Services Security Conference and Exhibition
- May: Dan Cornell speaks at ComTec's Business Intelligence and IT Security Conference
- June: Denim Group named one of the Best Places to Work in San Antonio by the San Antonio Business Journal
- July: Denim Group named one of San Antonio's fastest growing companies by the San Antonio Business Journal

2006 2005 2004

- Sheridan Chambers elected President of the Technology Advocates of San Antonio (TASA)
- May: Sheridan Chambers, principal of Denim Group, named Young Entrepreneur of the Year by the North San Antonio Chamber of Commerce
- May: Alpha release of Sprajax
- July: Denim Group named the fastest growing company in San Antonio by the San Antonio Business Journal
- September: John Dickson speaks at ConSec '06
- October: Denim Group donates Sprajax to the Open Web Application Security Project (OWASP)
- October: Dan Cornell establishes agileandsecure.com as a security resource for developers
- October: Dan Cornell speaks at the OWASP AppSec Conference in Seattle, WA
- John Dickson elected Chairperson of the San Antonio Technology Accelerator Initiative (SATAI)
- Denim Group begins hosting seminars and client training events
- May: Denim Group founds San Antonio OWASP chapter with Principal Dan Cornell as chapter leader
- June: Denim Group named one of San Antonio's Four Tech Companies to watch by the Express News
- December: Denim Group earns Microsoft Gold Partner Certification: Custom Development Solutions, Specialization in Web Development
- December: Denim Group earns Microsoft Gold Partner Certification: Data Management Solutions, Specialization in Database Management
- December: Denim Group earns Microsoft Gold Partner Certification: Information Worker Solutions, Specialization in Portals and Enterprise Content Management
- John Dickson elected Tech Council Chairperson for North San Antonio Chamber of Commerce
- February: John Dickson joins Denim Group as third principal
- October: Denim Group begins offering in-house training
- November: John Dickson speaks at CSI Annual Conference

2001

- December: Denim Group founded by Sheridan Chambers and Dan Cornell

Management Team

Sheridan Chambers

Sheridan Chambers has demonstrated expertise in starting, running and growing businesses for nearly a decade. With a strong background in solution selling and a vision for cost control and vendor relations, Sheridan's roles at Denim Group include client consultant and manager of operations, finance and marketing. Sheridan served as president of Technology Advocates of San Antonio (TASA) from 2004-2007 and currently serves on the board of the San Antonio Technology Accelerator Initiative (SATAI). Sheridan also serves on the Alumni Advisory Board for the Business Department at Trinity University.

Dan Cornell

Dan Cornell has over ten years of experience architecting and developing web-based software systems. He leads the organization's technology team in overseeing methodology development and project execution. Dan also heads the Denim Group security research team in investigating the application of secure coding and development techniques to improve web-based software development methodologies. Dan was the founding coordinator and chairman for the Java Users Group of San Antonio (JUGSA) and is currently the chapter leader of the San Antonio chapter of the Open Web Application Security Project (OWASP). He is also a recognized expert in the area of web application security for SearchSoftwareQuality.com and the primary author of Sprajax, Denim Group's open source tool for assessing the security of AJAX-enabled web applications.

John Dickson

John Dickson, CISSP, has over 15 years in the information security field including hands-on experience with intrusion detection systems, telephony security, and application security in the commercial and Department of Defense arenas. In his current position as a principal at Denim Group, he consults with Fortune 500 clients and Department of Defense organizations regarding their application security programs. John regularly speaks for security groups including ISSA and ISACA as well as for regional and national conferences. He is a founder of the Alamo Chapter of ISSA and a member of the Computer Security Institute.

Contact Denim Group

Denim Group
tel - (210) 572-4400
fax - (210) 572-4401
3463 Magic Drive, Suite 315
San Antonio, TX 78229
www.denimgroup.com

Media Contact

Brittany Power
pr@denimgroup.com
ROBOT
tel - (210) 476-8801
fax - (210) 476-8668