The SDL Pro Network
The SDL Pro Network is a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the SDL.
The services offered by the SDL Pro Network are designed to span the entire lifecycle and make security and privacy an integral part of how software is developed.
Contact a member of the SDL Pro Network to accelerate the optimization of your software security process. To learn more about the expertise of SDL Pro Network members, read the SDL Pro Network case studies or watch the webcasts.
Consulting Members
Headquarters: Columbia, MD
Aspect provides application security services and programs for organizations with critical applications. Our positive approach focused on key application security controls makes application security manageable and is designed to be as cost-effective as possible. We bring together business and executive management, software development, and security and audit groups to enable informed decisions about the risks of insecure applications. Our balanced programs, including training (both instructor led and e-Learning), development, architecture and process support, and verification services will help you improve your application security and your ability to manage cost and risk.
Consulting Members
Headquarters: Jersey City, NJ
Bangalore, India
Sharjah, UAE
Aujas, an International Data Group (IDG) company, is a global Information Risk Management services company. Our IRM consultants work with your management team to align information risk with business initiatives, so that security becomes a business driver and competitive advantage rather than a financial burden for your company. Our holistic approach focuses on your business fundamentals and how they interrelate with risk mitigation strategy, governance, compliance, and other strategic information issues.
We offer global clients:
- Information Risk Advisory services
- Secure Development Life Cycle services
- Identity and Access Management services
- Managed Information Risk services
- Vulnerability Management services
Consulting Members
Headquarters: McLean, VA
Booz Allen Hamilton has been at the forefront of strategy and technology consulting for nearly a century. Booz Allen possesses the ability to design, develop, and deploy secure software, as well as verify the existence of weaknesses in systems. We have extensive experience in applying security best practices throughout the development lifecycle to minimize the occurrence of software defects that can put data and systems at risk. We provide our clients with a deep and diverse software assurance program that enhances their approach to software security beyond the traditional compensatory security controls.
Consulting Members
Headquarters: Seattle, WA
Casaba Security is a select group of technology security consultants and developers with a reputation for relentlessly researching, developing and implementing innovative solutions to the most difficult security problems. They do this by providing in-depth product security reviews - analyzing requirements and design decisions, and performing SDL-required security testing. Casaba is constantly seeking out and evaluating the best tools and technologies for their clients’ needs. When they don’t exist, they build them. Contact us to request a free consultation.
Consulting Members
Headquarters: Santa Clara, CA
New York City, NY
At Cigital, we are proud of our extensive experience running a significant number of large-scale enterprise software security initiatives spanning customers in financial services, independent software vendors, gaming, retail and embedded systems. Established in 1992, we have trained several thousand developers, architects and executives on the fundamentals of software security. We have rolled out tools and best practices for many of our best customers. Cigital is the largest and most experienced software security services provider in the world and as a member of the SDL Pro Network, Cigital will be able to bring its extensive experience in delivering software security initiatives.
Consulting Members
Headquarters: Herndon, VA
Consult2Comply is a specialized enterprise Governance, Risk and Compliance software and services provider founded by information security, risk and compliance professionals with over 25 years of GRC auditing and consulting experience. The C2C methodology aligns an organization’s compliance strategy with specific business objectives. C2C’s products automate the costly manual processes associated with compliance initiatives, performing tasks in hours that normally take days. We provide stakeholders with a sustainable business-centric common operating compliance framework. We refer to this as B-GRC. This blended approach of software plus services as a compliance solution is continually being appreciated and validated by our growing international customer base.
Consulting Members
Headquarters: London, United Kingdom
Seattle, WA
New York, NY
IOActive’s SDL Integration service is designed to help organizations integrate security into all phases of the software development process. Our consultants work alongside an organization’s project managers, security architects, and coders to identify efficient methods for integrating security into the overall development process. Covering the complete lifecycle of software development, from conception to deployment, IOActive reviews practices and tasks, providing strategic recommendations for the implementation of a security-focused development lifecycle, and identifying opportunities to increase the effectiveness of risk management for the enterprise.
Consulting Members
Headquarters: San Francisco, CA
Seattle, WA
New York, NY
iSEC Partners is a full-service application, infrastructure and mobile security consulting company combining cutting edge research with an unflagging commitment to customer service. We provide practical solutions to some of the world’s most difficult security problems. iSEC Partners' practical and experience-driven approach to the SDL as an engineering quality discipline has made us the partner of choice for customers where security is an integral part of their world-changing innovations.
Consulting Members
Headquarters: Seattle, WA
Leviathan Security Group is a professional information security firm made up of industry-leading security virtuosos. You have information and assets to protect, and we are the experts at your fingertips who will evolve the SDL aspects of your security program, so that it is flexible and inventive and can shift, change, and stay ahead of business developments and compliance standards. Our managers and engineers work seamlessly with a diverse multitude of businesses to design and evolve SDL stratagems; we create tools and programs that keep our clients ahead of the curve; we earned our title, SDL Pro Network Providers. Leviathan Security Group consistently travels to areas around the world to provide SDL training, consulting, or tools. We can also provide training via video conferencing.
Consulting Members
Headquarters: Oberursel, Germany
The n.runs AG, founded in 2001, has established itself on the market as a developer-independent and neutral consulting company for the sectors of IT security, IT infrastructure and IT-Business Consulting. The services provided by n.runs AG pursue a comprehensive approach and encompass auditing/assessment, design, support in the application of the latest technologies, along with process consulting and knowledge transfer. In 2008, n.runs AG became the only central European company to join the “Microsoft Security Development Lifecycle Pro Network”, followed by the implementation of the special sector “Security Development Lifecycle” which delivers high level SDL consulting and training services.
Consulting Members
Headquarters: McLean, VA
San Diego, CA
SAIC is a FORTUNE 500® scientific, engineering and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy and the environment, critical infrastructure, and health. We do this with the constant and deliberate commitment to ethical performance and integrity that has marked SAIC since its founding.
Consulting Members
Headquarters: Phoenix, AZ
San Francisco, CA
Atlanta, GA
Founded by industry experts in 2005, Stach & Liu provides security consulting services to the Fortune 1000, financial institutions, and governments. Our mission is to help companies secure their networks and applications with core services including: SDL program development, application security assessments, and secure development training.
Our team has a track record of successfully working with clients throughout the Fortune 1000 to implement secure development programs. In addition, we have provided instructor-led secure development training for several thousand developers. With more than 100 years of combined security experience and a true passion for what we do, our expert team is ready to help your organization with SDL programs and services.
Consulting Members
Headquarters: Reading, United Kingdom
Frankfurt am Main, Germany
Contern, Luxembourg
With employees in 321 offices and 75 countries, Verizon Business offers a consistent global service experience and dedicated local service and support. Regardless of whether your challenge is network, IT infrastructure, communications or security related, our Professional Services consultants have the expertise to assess, design, implement, and manage your information systems. We use proven methodologies and experience to evaluate your current systems, recommend improvements, and create an IT strategy that makes sense for your organization. The net result can help you increase productivity, control costs, and offer better customer service.
As an SDL Pro Network member and a proven security solutions provider, Verizon Business EMEA offers leading Threat & Vulnerability consulting expertise (incl. on-site SDL evangelists, ad hoc SDL consultancy, SDL pilot programs, secure coding guidelines and developer trainings) to help enterprises develop secure, robust development lifecycles, leveraging relationships with leading Secure Code Review vendors to offer enterprise solutions that yield results.
Consulting Members
Headquarters: Denver, CO
Atlanta, GA
Chicago, IL
Accuvant Labs service offerings provide comprehensive analysis of mission-critical software, ensuring security threats are identified, an effective application security risk management program is put into place and ultimately all risks are mitigated. Our industry leading assessors leverage comprehensive testing methodologies to analyze critical applications within our clients' environments. Our methodology and approach are comprehensive and tightly integrated directly into clients’ development environments. We adhere to an open, comprehensive and interactive consulting methodology to ensure our clients understand how we are testing their applications and are updated on our findings.
Tools Members
Headquarters: Cupertino, CA
Reading, United Kingdom
Mount Colah, Australia
Beyond Security's automated security testing technologies discover and report security weaknesses in corporate networks, web applications and software. We help businesses and governments automate the assessment and management of their security status thus securing them against data loss, meeting security policy requirements and exceeding industry testing standards with a fraction of the normal manpower investment.
beSTORM is an enterprise level 'smart fuzzer' that performs comprehensive software security analysis and discovers vulnerabilities during development and after release. beSTORM tests all major protocols and 'auto learns' new protocols on the fly. Highlights: Automated binary and textual analysis, advanced debugging and stack tracing.
Tools Members
Headquarters: Oulu, Finland
Cupertino, CA
Hong Kong
Codenomicon develops automated security and quality testing software for testing business or mission critical products, before deployment. Codenomicon's intelligent model-based fuzzers achieve unparalleled efficiency in finding both known and unknown weaknesses. Software developers, testers and security auditors in e.g. the finance, telecommunication and defense industries rely on Defensics to harden systems, mitigate cyber-security threats and improve their Quality of Service. Codenomicon's off-the-shelf DEFENSICS solutions provide an easy way of integrating fuzzing into the SDL. These software based tools cover all standard or proprietary protocols. Codenomicon also offers an extensive range of services, including training, security audits and test lab management.
Tools Members
Headquarters: San Mateo, CA
Fortify®'s Software Security Assurance (SSA) products and services protect companies from threats posed by security flaws in software applications – helping identify and resolve critical application vulnerabilities. Fortify solutions, professional services and training span all phases of the SDL helping organizations implement repeatable processes essential in secure development best practices.
Fortify’s customers include government and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners.
Tools Members
Headquarters: Cranston, RI
Columbia, MD
McCabe Software has provided Software Quality Management solutions for over 30 years. McCabe IQ analyzes the security vulnerability, quality, and testing of critical applications, utilizing a comprehensive set of software metrics including the McCabe-authored Cyclomatic Complexity metric and exclusive “Basis Path” coverage technology. McCabe IQ is built for software engineers and security analysts who need to execute security or vulnerability analysis on complex software. Unlike other security solutions, McCabe IQ uses a path-oriented approach, enabling engineers to understand interactions and verify exploitable paths within a codebase. This is crucial when determining exploitability, modeling attack space, and performing vulnerability analysis.
Tools Members
Headquarters: Sunnyvale, CA
Mu Dynamics is the leader in testing NGN services, enabling customers to meet the challenges of deploying services for the iGeneration. Unlike legacy testing tools, Mu transforms actual service interactions into test scenarios using our patent-pending Active Service Replication (ASR) technology. Mu allows customers to accurately test complex services including triple play, mobile, and cloud, empowering them to innovate with confidence and deliver high quality services.
The Mu Test Suite provides critical value to all test organizations implementing the SDL. Mu Test Suite helps improve resiliency and robustness, shortens release cycles and makes issue resolution more efficient.
Training Members
Headquarters: Providence, RI
Seattle, WA
Safelight is a leader in security education—our integration of deep security expertise and innovative approaches to interactive learning sets us apart. We offer a full range of instructor-led and on-demand security courses for developers, architects, QA testers and managers. Our courses for development teams begin with an overview of fundamental secure coding principles. Students learn the many ways in which vulnerabilities in software code may be exploited by attackers and are shown the value of secure development. Building on this understanding of the risks inherent in software development, students learn solid architecture, design, testing and implementation principles.
Training Members
Headquarters: Bethesda, MD
SANS is the best and most trusted source for information and computer security training. We offer training through several delivery methods - live & virtual conferences, mentors, online, and onsite. Our computer security courses are developed by industry leaders in numerous fields including network security, forensics, audit, security leadership, and application security. Courses are taught by real-world practitioners who are the best at ensuring you not only learn the material, but that you can apply it immediately when you return to the office.
Training Members
Headquarters: Shrewsbury, NJ, USA
Toronto, ON, Canada
Security Compass is an industry-leading information security consulting firm, specializing in secure software development and training. We have in-depth knowledge of information security and software engineering, and an unmatched commitment to professionalism and training quality. We help the world's most security conscious companies to build trustworthy software from the ground up. As a proud member of the Microsoft SDL Pro Network, we provide interactive and hands-on training for all participants in the SDLC. Request a custom managed enterprise training program composed of courses in various delivery formats: onsite, instructor-led remote, and web-based.
Training Members
Headquarters: Boston, MA
Seattle, WA
Security Innovation (SI) focuses on the most difficult problems of IT security - those at the application layer. The company’s training, assessment, and consulting solutions help organizations roll out software applications that are secure and in compliance. SI has a longstanding relationship with Microsoft and is extremely adept in the company’s technologies and the Microsoft SDL. With more than 30 eLearning courses, secure development methodologies, and consulting services that can isolate problems at any phase of the development process (or within the process itself), SI can help your organization adopt or refine the SDL with optimum efficiency and minimal disruption.
© 2012 Microsoft
