since 1999

 

AppSec Solutions By Industry

For Software as a Service (SaaS) Companies

Rietta provides security-oriented code review, cybersecurity assessment, and advice for private companies that need to satisfy external security concerns.


For HIPAA Covered Entities

Rietta will provide our Security for Custom Web Apps solution to HIPAA Covered Entities, entering into the necessary Business Associate agreements.


For State Government

Rietta provides our Custom Web Apps solution to multiple state government agencies. We monitor and update your agency's custom software for component vulnerabilities and provide hands-on technical support for AWS cloud and AWS GovCloud deployments.


For Software Development Teams

Rietta provides world-class application security training for teams of developers. We teach threat modeling and secure software project management to teams at Fortune 500 firms.


Bespoke Solutions

With 23 years of experience, we've worked with clients with special needs many times.


Application Security Review and Audit

Rietta will review the security of your custom web, mobile, or desktop application using the OWASP ASVS, OWASP MASVS, or other relevant industry standard.

This open-book review is a suitable substitute for many pen test engagements and will provide your company with an affordable solution to enumerate issues that your team can fix and to satisfy your customers' security inquiries.

Our clients have a 100% track record of satisfying their customer-led inquiries into their security.

Engagement May Include

  • Review code and cloud infrastructure and produce a signed security assessment report suitable to provide to your customers
  • Answer security questionnaires from enterprise clients
  • Attend conference calls and meetings as your security expert as needed
  • Develop compliance strategies to align existing practices with external cybersecurity requirements

Answering Questionnaires and Expert Advice

Our security expertise can be invaluable during an incident response or when you just want to get ahead of the security concerns that your clients may have.

We have a 100% track record of helping customers work through the concerns that their corporate clients have.

Security for Custom Web Apps

We pride ourselves on patching dozens of client applications within a few hours of a known security risk in a world where other companies usually take months.

  1. Assess existing security to identify weak spots needing improvement
  2. Containerize the existing application using Docker for testing and (optionally) for production in the AWS cloud
  3. Provide continuous Blue Team support to investigate and update code as necessary for security

Solutions for HIPAA Covered Entities

All of our solutions are available for HIPAA covered entities. We train all of our staff on hire and annually on all of the security and privacy requirements under HIPAA. With an annual contract in place, we will execute a business associate agreement with your organization.

Please Schedule an Appointment to discuss your specific needs.

Bespoke Solutions

When the going gets tough and other developers are stuck, we are here.

Deep understanding of Linux, system administration, and numerous programming languages means we have implemented novel solutions to complex problems using available systems and open source software for clients in many industries.

Just a few examples

  • Implement data retention and high security, using GnuPG and YubiKeys, for breachable PII that was mandated by law to be kept
  • Speed up a web app that was running painfully slowly by optimizing SQL queries
  • For an insurance industry client, generate Word and Excel documents using LibreOffice, in Docker, running on AWS Elastic Container Service

Please Schedule an Appointment to discuss your specific needs.

Cybersecurity Training for Development Teams

Frank Rietta Speaking at an OWASP AppSec Conference

We have developed training material for corporate clients.

Courses include, but are not limited to:

  • Threat modeling
  • Cybersecurity project management
  • Preventing a data breach through secure software development
  • Ruby on Rails security

Please Schedule an Appointment to discuss your specific needs.

 

Other Capabilities

Secure

We provide security-focused code review, audits, and collaboration with your team.
  • Threat Modeling
  • Security Training
  • Security Specific Features
  • DevOps Hardening
  • User and Abuser Stories
  • Remediation
  • Staffing Consulting

Operate

We will architect your cloud solution to be secure and to last.
  • AWS Cloud Architecture
  • Operations
  • Optimization
  • Continuous Integration
  • Continuous Deployment
  • Scalable Architectures
  • Tier 3 Support
  • Deploy / Release Management
  • Maintenance/Monitoring
  • Load Management
  • Performance Optimization
  • Provisioning
  • Advising / Consulting

Maintain

We patch production crazy fast because we put a strong foundation in place.
  • Manage Security Dependencies
  • DevOps
  • Security
  • Continuous Integration Orchestration
  • Site and Service Monitoring
  • And More!