Controls
Software Development
STATUS
CONTROL
Defining application security standards
A set of security standards must be defined for applications prior to development, at a minimum complying with OWASP Top 10.
Implementing a bug bounty program
The organization maintains a bug bounty program for its applications and systems.
Automated vulnerability scanning
Applications must undergo black-box vulnerability scanning before being deployed to production.
Threat modeling
Threat modeling includes building data flows and risk analysis for new features/products starting from the design phase of the product.
Open-source security
Open-source software used in the system must undergo security checks before being implemented.
Application access control
Users accessing features with critical data are required to authenticate (no anonymous access).
Continuous system monitoring
Applications and IT systems are continuously and automatically monitored to detect issues in real time.
Application pentesting
Applications must be pentested by experienced security experts before being deployed to production.
Source code security testing
Applications must undergo source code review before being deployed to production to ensure that no secret keys are exposed and no basic security vulnerabilities exist.
Source code management
Source code must be centrally stored in repositories such as GitHub, Bitbucket, or GitLab.