Swascan Presentation by Antonella Marcocci

The first all-in-one Cloud Security Suite Platform

SWASCAN ALL in ONE

SWASCAN Web SWASCAN WebApplication Application

SWASCAN Network SWASCAN Network

SWASCAN Code Code Review SWASCAN Review

SWASCAN at a Glance The first Cloud Suite Security Platform The right way to manage the Security Risk, both for web and mobile applications as the overall technological infrastructure

All-in-one SAAS that offers to its users: Flexibility Cost cutting Scalability Accessibility Background to audit Compliance to regulations and OWASP best practises

Three main products: Web Application Scan Network Scan Code Review

Why a SaaS Cloud Security Suite ? The cyber security market is estimated to grow from USD 122.45 Billion in 2016 to USD 202.36 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 10.6%

The security testing market size is expected to grow from USD 3.31 Billion in 2016 to USD 7.61 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 18.1%

Security Testing The security testing market is estimated to grow from USD 3.31 Billion in 2016 to USD 7.61 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 18.1%.

SaaS & Cloud IDC says: worldwide revenues from public cloud services reaching more than $195 billion in 2020, and represents a compound annual growth rate (CAGR) of 20.4% over the 2015-2020 forecast period.

SWASCAN Core Business •

The power and efficiency of Cloud technology is enhanced by a unique platform with a SaaS model, through different integrated and advanced tools.

•

SWASCAN key products aim to test and verify the weaknesses of third-parties applications, preventing data-loss, and analyze the quality standards of company’s network security, its compliance, internal policies and procedures, overall quality and the security of source code.

•

SWASCAN also offers other features that complete the Suite and make it an ideal solution for the full risk management activity.

Scale

Discover

Assess

Prioritize

Global Scalability, Manageability

Scan application everywhere

Automated, Dynamic, Deep Scanning

Identify the highest business risk, and take action

SWASCAN Suite description: WEB APP SCAN Swascan Web APP SCAN basically allows: •

To provide automated security testing and security scan of web applications to identify vulnerabilities

•

To verify the weaknesses of third-parties applications that could generate loss of data or undesired accesses to private data

•

To verify and guarantee the compliance to OWASP best practices and current regulations, identifying security issues of the applications

•

To customize the length of the service (monthly, per year) and the number of targets to be analyzed

VULNERABILITY SCANNING

COMPLIANCE

Provides a Web Application Scan. Identifies more than 200 different web application security flaws and vulnerabilities, including SQL injection, Cross-Site Scripting and many others

Failure to comply with strict regulations can be costly for companies. Swascan is an essential tool to help ensuring you to meet mandatory standards and avoid penalties.

AUDIT FRAMEWORK Automatic generation of reports giving you a complete and detailed overview of your network inventory, status, and security risks.

SWASCAN Suite description: WEB APP SCAN

SWASCAN Suite description: Network SCAN Network Scan aims to Scan networks and devices and suggests you how they can be fixed. •  To Analyse the security level of company networks •  To Verify the compliance to current regulations •  To Check the company policies and internal procedures framework •  To Offer a security service customizable by number of targets

VULNERABILITY SCANNING

COMPLIANCE

AUDIT FRAMEWORK

Successfully meet compliance regulations Perform full vulnerability and port scanning Manage organization-wide software deployment Solve bring your own device (BYOD) headaches Provide IT reports to your managers

Generate reports of devices, computers, software and applications installed in your network automatically, giving you a complete and detailed overview of your network inventory, status, and security risks.

Automatically scan for and deploy missing security and non-security patches issued by Windows®, Mac OS®, Linux® and many third-party applications.

SWASCAN Suite description: Network SCAN

SWASCAN Suite description: Code Review Code Review has been created to provide a source code analysis to identify and resolve security weaknesses and vulnerabilities •  To Test the vulnerability of source codes •  To Assess leaks and inefficiencies of source codes •  To Highlight the areas to intervene on

CODE REVIEW •

Easy to use

•

Scans uncompiled code

•

Highly accurate On-Premise & On-Demand

CODING LANGUAGES & FRAMEWORKS

AUDITING AND COMPLIANCE Security code review is the process of auditing the source code for an application to verify that the proper security controls are in place, that they work as intended and that they have been invoked in all the right places. Code review is a way of ensuring that the application has been developed to be “self-defended” in its given environment.

SWASCAN Code Review Languages SUPPORTED LANGUAGES

STANDARD

ABAP Android

X X

C/C++ C#

ON DEMAND

X X

COBOL Groovy

Java

Javascript

IOS

Objective-C

PHP

X X

PL/SQL Python

RPG

VB.NET

Visual Basic 6

Web

XML

SWASCAN Suite description: Code Review

SWASCAN Suite description: other Services The Suite has been enriched of other ancillary tools, that complete the platform:

A reporting tool that makes easier the risk management activity (e.g. audit)

A recovery tool that suggests how to re-arrange the different security levels

PRICING

PRODUCT Positioning

BATTLE CARD

ANNUAL OK LICENSE

CLOUD TECHNOLOGY

WEB SCAN

VPN SCAN

NETWORK SCAN

CODE REVIEW

FUNCTION/EFFICIENCY

(NOT PERPETUAL)

BATTLEBATTLE Card CARD CLOUD WEB CLOUD CLOUD TECHNOLOGY WEB

ANNUAL ANNUAL LICENSE LICENSE

SCAN SCAN

WEB SCAN

VPN VPN SCAN SCAN

NETWORK NETWORK NETWORK SCAN SCANSCAN

CODE CODE CODE REVIEW REVIEW REVIEW

OKOK OK

OK OK

OK OK OK

OK OK

OKOK OK

NO NO

NO NO NO

OK OK OK

NO NO

OKOK OK

OK OK

NO NO

OK OK OK

NO NO NO

NO NO

NOOK NO

OK OK

NO NO

OK OK OK

OK NO NO

NO NO

OK NO NO

OK OK

NO NO NO

OK OK

OK NO NO

NO NO

OK OK

OK NO NO

OK OK

NO NO NO

OK OK

OK OK OK

NO NO NO

OK OK

TECHNOLOGY TECHNOLOGY

13 13

OK OK

(NOTPERPETUAL) PERPETUAL) (NOT

SWASCAN Screenshot

SWASCAN Competence: Security Management

Policy and Compliance

Adaptation to the regulatory and legislative law/body in the field of security Personal Data Protection and Privacy...

ICT Security

Management of activities of ethical hacking to verify the security of the systems and infrastructures

Risk Management

Analysis and assessment of the level of maturity of the security system in order to define a correct security strategy

Information Security

Development of the ISMS System for the support of the international security certification ISO 27001

SWASCAN Team The right mix to achieve extraordinary results:

an established software developer (Business Competence)

a “digital” “digital” Venture Venture Incubator Incubator (Key Capital) Capital)

•  Software development and updates

•  Business Business development development

•  Business development

•  Administration and legal issues

•  Monitoring of innovation related to the Security field

•  Corporate Strategy

Administration and legal issues Corporate strategy

a Security Expert (Raoul Chiesa) •  Business development •  Networkingand legal issues •  Strong expertise on vyber-security, hacking, cyber-crime. Member of several Security agencies, associations, European groups, domestic and international governments task forces

SWASCAN: Business Developement Strategy GEOGRAFICAL Market Phases

Go to MARKET SW and HW Distributors

System Integrators

Cloud Service Provides

Sec and IT Company

SWASCAN: The next Steps Swascan today is a security preventive platform. Its target is to determine the company risks’ levels and to define the remediation plans. In the next months… more than preventive, Swascan will be PREVENTIVE

PROACTIVE

IT CLOUD SECUITY SUITE

06/2017

2017

INTEGRATED

CLOUD WEB APPLICATION FIREWALL

SWASCAN APPLIANCE

12/2017

PREDICTIVE CYBER INTELLIGENCE THREAT SYSTEM

12/2018

2018

2019

WEB APP SCAN WEB APP SCAN SUBSCRIPTION FREE 10 PAGES

BASIC â&#x201A;Ź

500

BUSINESS â&#x201A;Ź

1000

Best Valu e

ENTERPRISE

1 target to test

Unlimited targets to test

10 pages indexed

Unlimited pages indexed

3 days availability for scan

1 month availability for scan

4 tests per year

Unlimited

Search for all vulnerabilities supported by system

Receive email when test is completed

Download test documentation

Swascan Seal (3 months validity)

Contact info@swascan

NETWORKS SCAN NETWORK SCAN SUBSCRIPTION FREE

BASIC â&#x201A;Ź

150

BUSINESS â&#x201A;Ź

600

Best Valu e

ENTERPRISE Contact info@swascan

1 IP to test

255 IP to test

Unlimited IP to test

3 days availability for scan

1 month availability for scan

1 year availability for scan

Unlimited availability for scan

Search for all vulnerabilities supported by system

Receive email when test is completed

Download test documentation

Contact info@swascan

CODE REVIEW CODE REVIEW SUBSCRIPTION FREE

BASIC â&#x201A;Ź

3000

BUSINESS â&#x201A;Ź

6000

Best Valu e

ENTERPRISE Contact info@swascan

1 target to test

3 target to test

Unlimited targets to test

300 Locs

Unlimited Locs

1 Scan

3 Scan

1 years availability for scan

Search for all vulnerabilities supported by system

Receive email when test is completed

Supported languages: android, csharp, groovy, java, javascript, php, python, web, xml. For other languages, please contact us via email. info@swascan.com

Download test documentation

Contact info@swascan

SWASCAN Award

Swascan AWARD

info@swascan.com

The first all-in-one Cloud Security Suite Platform info@swascan.com