CyStack.,JSC

CyStack is a leading Vietnam-based cybersecurity firm recognized for its research, innovation, and award-winning products and services in security testing and assessment, managed security services, data protection, and security compliance. Dedicated to inclusivity, CyStack delivers intuitive and scalable solutions that ensure robust protection for businesses of all sizes, regardless of budget or technical expertise.

Controls

Secure Development

STATUS

CONTROL

Compliant

Application Security Standards

Security standards based on OWASP Top 10 are defined for all applications. Authentication, authorization, input validation, and secure coding practices are required.

Compliant

Bug Bounty Program

The organization maintains a bug bounty program to incentivize external security researchers to responsibly disclose vulnerabilities.

Compliant

Penetration Testing

Applications and infrastructure are tested by qualified security experts at least annually and before major releases.

Compliant

Source Code Management

Source code is stored in centralized repositories with branch protection, mandatory code reviews, and CI/CD pipelines for safe deployment to production.

Compliant

Application Security Testing

Applications undergo automated security testing including static analysis (SAST), dynamic analysis (DAST), and open-source dependency scanning before production deployment.

Compliant

Threat Modeling

Threat modeling is performed during the design phase of new features and products, including data flow analysis and risk identification.