
Commit

Add security consultants to the list.
wparad committed Sep 29, 2023
1 parent 1e0a48c commit 0477bd7
Showing 2 changed files with 126 additions and 48 deletions.
111 changes: 92 additions & 19 deletions src/components/auditors.vue
@@ -18,7 +18,7 @@
<span style="font-size: 16px">{{ header.text }}</span>
</template>
<template #item-name="item">
<a :id="item.name" target="_blank" :href="item.link">{{ item.name }}</a>
<a :id="item.id || item.name" target="_blank" :href="item.link">{{ item.name }}</a>
</template>
<template #item-totalCost="item">
<div v-if="item.totalCost === null"><warning /></div>
@@ -69,7 +69,7 @@
<h2 class="pb-2 border-bottom">Pen Testers</h2>

Pen testing is not required for many certifications. So generally can be avoided unless you want some additional assurances. The prices below are aligned for a medium sized application service running for a single product.

<br><br>
<div class="table-responsive-md">
<table class="auditors table-dark table-striped table align-middle">
<thead>
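Review bot: replacing the blank line with `<br><br>` fixes the spacing with presentational markup; a margin utility class (the file already uses Bootstrap utilities such as `pb-2` on the heading) would keep the layout in CSS and stay consistent with the rest of the template. The surrounding sentence "So generally can be avoided unless you want some additional assurances." has no subject; "so it can generally be avoided unless..." reads correctly.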
@@ -99,14 +99,6 @@
<td class="text-danger">&nbsp;</td>
</tr>

<tr>
<th scope="row"><a target="_blank" href="https://www.rapid7.com/">Rapid7</a></th>
<td><warning /></td>
<td><warning /></td>
<td><warning /></td>
<td class="text-danger">&nbsp;</td>
</tr>

<tr>
<th scope="row"><a target="_blank" href="https://kobalt.io/pentest/">Kobalt</a></th>
<!-- <td class="d-flex justify-content-center">$7.5k</td> -->
@@ -121,6 +113,72 @@
<td><success /></td>
<td class="text-danger">&nbsp;</td>
</tr>

<tr>
<th scope="row"><a target="_blank" href="https://www.rapid7.com/">Rapid7</a></th>
<td><warning /></td>
<td><warning /></td>
<td><warning /></td>
<td class="text-danger">&nbsp;</td>
</tr>
</tbody>
</table>
</div>

<br id="pen-tests">

<h2 class="pb-2 border-bottom">Security Consultants</h2>

Most of the reports from the above providers are pretty easy to read, but you get stuck and need help reviewing them or you need a consultant to help you implement the controls to allow you to pass the audit, one of these might help.
<br><br>
<div class="table-responsive-md">
<table class="auditors table-dark table-striped table align-middle">
<thead>
<tr>
<th scope="col">Company</th>
<th scope="col"><div class="d-flex justify-content-center align-items-center flex-column"><div>Pricing</div></div></th>
<th scope="col"><div class="d-flex justify-content-center align-items-center flex-column"><div>SOC 2 Report Review</div></div></th>
<th scope="col"><div class="d-flex justify-content-center align-items-center flex-column"><div>Infra implementation assistance</div></div></th>
<th scope="col"><div class="d-flex justify-content-center align-items-center flex-column"><div>Application architecture reviews</div></div></th>
<th scope="col"><div>Note</div></th>
</tr>
</thead>
<tbody>
<tr>
<th scope="row"><a target="_blank" href="https://kobalt.io">Kobalt</a></th>
<td><warning /></td>
<td><success /></td>
<td><danger /></td>
<td><danger /></td>
<td>Works only with <a href="#" @click="navigateTo('vanta')">Vanta</a></td>
</tr>

<tr>
<th scope="row"><a target="_blank" href="https://www.latacora.com/">Latacora</a></th>
<td><warning /></td>
<td><warning /></td>
<td><success /></td>
<td><success /></td>
<td class="text-danger">&nbsp;</td>
</tr>

<tr>
<th scope="row"><a target="_blank" href="https://rhymetec.com/vciso/">Rhymetic</a></th>
<td><warning /></td>
<td><warning /></td>
<td><warning /></td>
<td><warning /></td>
<td class="text-danger">&nbsp;</td>
</tr>

<tr>
<th scope="row"><a target="_blank" href="https://www.violetx.com/">Violetx</a></th>
<td><warning /></td>
<td><warning /></td>
<td><warning /></td>
<td><warning /></td>
<td class="text-danger">&nbsp;</td>
</tr>
</tbody>
</table>
</div>
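Review bot: `<a href="#" @click="navigateTo('vanta')">` lets the default `href="#"` navigation run alongside the handler, so the browser jumps to the top and appends `#` to the URL before `navigateTo` scrolls; use `@click.prevent` or a `<button class="btn btn-link">`. The anchor `<br id="pen-tests">` sits after the pen-tester table and just before the "Security Consultants" heading, so a `#pen-tests` fragment lands on the consultants section; put the id on the relevant `<h2>` instead. In the new table, "Rhymetic" does not match the linked domain rhymetec.com, and the intro sentence is missing a conjunction ("but if you get stuck and need help reviewing them, or you need a consultant...").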
@@ -228,6 +286,15 @@ const companies = [
automationPlatformCost: '$7.5k',
note: 'Requires third party auditor (or more expensive in house audit)' },
{ link: 'https://sprinto.com/ignite/',
name: 'Sprinto Ignite',
totalCost: '$5k',
licensed: true,
auditCost: '$5k',
hasAutomationPlatform: true,
automationPlatformCost: true,
note: 'Requires 3 year contract' },
{ link: 'https://thoropass.com/',
name: 'Thoropass (Laika)',
totalCost: '$12k',
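Review bot: `automationPlatformCost: true` on the moved Sprinto Ignite entry puts a boolean into a field that holds a price string in the neighbouring entry (`automationPlatformCost: '$7.5k'`); if `true` means "included in totalCost", a comment on the field or a dedicated `included` flag would make the template's rendering of the two cases obvious to the next editor.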
@@ -246,16 +313,8 @@ const companies = [
automationPlatformCost: true,
note: '' },
{ link: 'https://sprinto.com/ignite/',
name: 'Sprinto Ignite',
totalCost: '$5k',
licensed: true,
auditCost: '$5k',
hasAutomationPlatform: true,
automationPlatformCost: true,
note: 'Requires 3 year contract' },
{ link: 'https://www.vanta.com/',
id: 'vanta',
name: 'Vanta',
totalCost: '$15k',
licensed: false,
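Review bot: `id: 'vanta'` becomes a document-wide element id through `:id="item.id || item.name"`, and the `navigateTo('vanta')` link in the consultants table depends on that row being rendered; if rows can be filtered out, or another component emits an element with the same id, the lookup returns null or the wrong element. Keep the id in this one list and make sure nothing else on the page uses `vanta` as an element id.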
@@ -278,6 +337,20 @@ const showRow = clickedElement => {
}
};
const navigateTo = target => {
if (!target) {
window.scrollTo(0, -window.scrollY);
return;
}
const element = document.getElementById(target);
window.scrollTo(0, window.scrollY + element.getBoundingClientRect().top - 200);
setTimeout(() => {
if (Math.abs(element.getBoundingClientRect().top - 60) > 10) {
window.scrollTo(0, window.scrollY + element.getBoundingClientRect().top - 200);
}
}, 10);
};
</script>
<style lang="scss" scoped>
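Review bot: `document.getElementById(target)` can return null (unknown target, or a row not currently rendered), and the next line dereferences it with `element.getBoundingClientRect()`, which throws inside the click handler; add `if (!element) { return; }` after the lookup. The retry in `setTimeout` checks `Math.abs(element.getBoundingClientRect().top - 60) > 10` but scrolls to `top - 200`, so after the first scroll the element sits about 200px from the top, the check is always true, and the retry re-issues the same scroll rather than correcting anything; use one offset constant in both places. `window.scrollTo(0, -window.scrollY)` is a roundabout `window.scrollTo(0, 0)`.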
63 changes: 34 additions & 29 deletions src/components/home.vue
@@ -36,45 +36,48 @@
<div class="container-fluid mb-4 w-100">
<div class="d-flex row">
<div class="col-12 col-lg-6 mb-4 mb-lg-0">
<div class="h-100 p-4 p-md-5 text-white bg-dark" style="border-radius: 0.5rem;">
<h2>The FYI</h2>
You already did the hard work of securing your technology, so getting the attestation proving it should be easy. But it still isn't.
<br><br>
<div class="d-flex align-items-center">
<i class="fa-solid fa-arrows-left-right-to-line fa-2x me-4" />
<div>
<h3>Gap Analysis</h3>
<div>Figure out where you are at versus where you should be. And then you can use this to know what automation to run.</div>
</div>
<div class="h-100 p-4 p-md-5 text-white bg-dark d-flex flex-column" style="border-radius: 0.5rem;">
<div>
<h2>The FYI</h2>
You already did the hard work of securing your technology, so getting the attestation proving it should be easy. But it still isn't.
</div>

<br>
<div class="d-flex align-items-center">
<i class="fa-solid fa-gears fa-2x me-4" />
<div>
<h3>Security Automation</h3>
<div>Update your policies and infrastructure to fill in these gaps. Use the automation to ensure your technical policies are being followed.</div>
<div class="d-flex flex-column justify-content-around flex-grow-1">
<div class="d-flex align-items-center">
<i class="fa-solid fa-arrows-left-right-to-line fa-2x me-4" />
<div>
<h3>Gap Analysis</h3>
<div>Figure out where you are at versus where you should be. And then you can use this to know what automation to run.</div>
</div>
</div>
</div>
<br>

<br>
<div class="d-flex align-items-center">
<i class="fa-solid fa-gears fa-2x me-4" />
<div>
<h3>Security Automation</h3>
<div>Update your policies and infrastructure to fill in these gaps. Use the automation to ensure your technical policies are being followed.</div>
</div>
</div>
<br>

<div class="d-flex align-items-center">
<i class="fa-solid fa-pencil fa-2x me-4" />
<div>
<h3>Attestation</h3>
<div>Ask an auditor to sign off on your policies and infrastructure automation by giving you a badge and a report.</div>
<div class="d-flex align-items-center">
<i class="fa-solid fa-pencil fa-2x me-4" />
<div>
<h3>Attestation</h3>
<div>Ask an auditor to sign off on your policies and infrastructure automation by giving you a badge and a report.</div>
</div>
</div>
<br>
<div class="d-flex justify-content-center align-items-center">
<h4>That's it, pretty simple right?</h4>
</div>
</div>
<br>
<div class="d-flex justify-content-center">
<h4>That's it, pretty simple right?</h4>
</div>
</div>
</div>
<div class="col-12 col-lg-6">
<div class="h-100 p-4 p-md-5 bg-light border" style="border-radius: 0.5rem;">
<h2>So what is SOC 2 really?</h2>
<p>SOC 2 is a <strong>marketing and sales tool</strong> that allows you to put a rubber stamp on your website. SOC 2 implies <strong class="text-danger">nothing about security</strong>. The SOC 2 audit is a commodity so any licensed auditor can get you the three pieces you care about:
<p>SOC 2 is a <strong>marketing and sales tool</strong> that allows you to put a rubber stamp on your website. SOC 2 implies <strong class="text-danger">nothing about security</strong>. It only shows what you write:
<ul>
<br>
<li><strong>Policies</strong>: You write your own policies. And then ask the auditor to validate that you are following them.</li>
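Review bot: the `<ul>` at the end of this hunk opens inside the `<p>` started by `<p>SOC 2 is a <strong>marketing and sales tool</strong>...`, and the `<br>` that follows is a direct child of `<ul>`; neither is valid HTML, and browsers implicitly close the `<p>` when the `<ul>` starts, so the later `</p>` becomes a stray tag. Close the paragraph before the list and space the `<li>` elements with a margin utility instead of `<br>`. In the restructured card, the `<br>` spacers between the three feature blocks duplicate what `justify-content-around` on the new `d-flex flex-column flex-grow-1` wrapper already provides.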
@@ -83,6 +86,8 @@
<br>
<li><strong>An attestation icon and url</strong>: They will provide you a link to put on your website. This proves they did the audit.</li>
</ul>

Since the policies are up to you, the SOC 2 audit is a commodity so any licensed auditor works the same.
</p>

<div>If you've already implemented the best practices found below then you are ready to get your audit.</div>
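Review bot: the added sentence "Since the policies are up to you, the SOC 2 audit is a commodity so any licensed auditor works the same." is a run-on; "Since the policies are your own, the audit itself is a commodity: any licensed auditor can perform it." keeps the point. It is also placed between `</ul>` and `</p>`, where the paragraph has already been implicitly closed by the list, so it will render as loose text rather than as part of the paragraph; wrap it in its own `<p>` or `<div>` like the line below it.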

0 comments on commit 0477bd7
