Navigation

Services: Application Assessment; Code or Design Review; Security Awareness; Threat Analysis
Products: Acunetix WVS; KFSensor Honeypot; MOBILedit! Forensic; Passware; Sawmill Analytics; Sunbelt Software
People: Management
Contact

Latest news

Astyran adds Acunetix WVS to its suite of products(01/12/2008)

Astyran is proud to announce that it is now an official partner and reseller of Acunetix. Stay tuned for an update.

eBanking Fraud and Cyber Security Seminar(06/03/2008)

Mr. Stevens, founder and owner of Astyran, presented his insights in source code reviews at the eBanking Fraud and Cyber Security Seminar of the Monetary Authority of Singapore (MAS).

Owasp/ISSA joint meeting (20/11/2007)

Mr. Frantzen and Herman Stevens delivered a much appreciated and discussed presentation on Application Security Awareness Training for developers at the joint meeting of the Belgian ISSA and OWASP chapters. You can download the presentation here, there (OWASP) and there (ISSA).

Security Awareness

Overview

Searching for an experienced trainer or need help developing your program?

The number of high-profile attacks on financial websites is rising. End-user workstations are under continuous attack by sophisticated worms targeted directly at your web solutions. Attacks are shifting from the network level to attacks on the application level. The pressure of regulatory instances is rising.

One cannot adequately protect its interests and uphold its image to the public without ensuring that everyone involved with development:

Understand their roles and responsibilities related to your strategic objectives;
Understand your security policies, practices, standards and frameworks;
Has adequate knowledge about the typical threats, vulnerabilities, related risks and potential countermeasures at their level.

An awareness session focuses the attention on security and is intended to allow individuals within the development teams to recognize security concerns and to respond accordingly.

Creating a culture of security for highly technical staff can be quite a challenge however. Usually technical staff only thinks about technical measures for mitigating the risks while the security community accepts that people and not technology are key to providing an appropriate level of security.

We can help you delivering your message for all development staff.

Experienced Trainer

You need a trainer that can speak at the same level as the development staff, while being able to grasp your awareness and business needs. A trainer with domain and field knowledge ensures that the session is not boring but interactive and lively.

Developing your Awarenesss Program

Our experience teaches us that everyone in development must be involved with security: architect, requirements analyst, designer, coder, and tester. Ideally all sessions are given to a mixed audience, maybe even from different departments: often the awareness session is the first opportunity that those people have to talk about security with others outside their immediate work environment. Talking and thinking about security is one of the first goals of awareness sessions!

Sessions can be split however, depending on the required depth and existing knowledge and awareness objectives.

Key Differentiators

What makes us stand from the crowd?

Highlights of our methodology:

Close collaboration with your staff in order to determine the awareness objectives and the content of the sessions;
Awareness training material adapted to your context and your goals;
No dry ex-cathedra sessions: our awareness sessions are highly interactive and focused on delivering your message;
Training delivered by a highly skilled consultant with field experience.

Methodology

Awareness Training Delivery

Basically there is a cost for preparation: the trainer need to absorb your training content, in order to set the correct pace and look for examples.

Usually it takes about three days of preparation for each day of awareness training. Ofcourse, this preparation is a one-time event. After the initial preparation, you only pay for training delivery.

Awareness Training Development

Usually the process of creating awareness training can be split as follows:

Awareness Needs Analysis: assist in the assessment of the gap between the existing level of security understanding and behaviour of your staff and desired levels (whether this is pre-defined or in line with existing industry best practices or standards) using methods such as staff interviews, surveys, experiments and testing.
Awareness Design and Planning: the design and planning of a cost-effective roadmap for bridging the identified security knowledge gap.
Awareness Content Development: the development of new courses or the customisation of existing courses to meet your awareness requirements. This will be completed with consideration for organisational needs and practices as well as the legal and regulatory environment in which the organisation operates.
Awareness Delivery: see above.
Awareness Evaluation: Evaluating the effectiveness of the awareness programme.

Frequently Asked Questions

Don't hesitate to contact us if something is not clear

What is your pricing model for training delivery?

Both preparation and training delivery are billed as mandays of consultancy. This is less costly than the commonly encountered price per trainee seat.

What is your pricing model for awareness training development?

This will be negotiated on a project basis given the number of unknowns and variables.

Can you deliver the training for an international audience?

Training can be given in Dutch or English, in Belgium and abroad.

Application Assessment

Tired of looking at incomprehensible technical reports about the security of your applications without any business relevance? Need a business driven approach?

Code Review

External pressure for code review? Outsourced development of high risk application? A full code review too expensive? Let us mitigate your development risks by our cost-effective and risk based approach.

Threat Analysis

The goal of analysing threats is to document all possible threats against an application with the goal of implementing countermeasures at the design level where feasible.

More information here.