Dr Asankhaya Sharma, SIT, 20-Feb-16. Secure Software Development: consider security throughout the software development lifecycle (Requirements, Design, Implementation, Testing, Deployment).
1. Secure Software Development. Dr. Asankhaya Sharma, SIT.
3. Secure Software Development: Consider security throughout the software development lifecycle (Requirements, Design, Implementation, Testing, Deployment).
4. Requirements: Identify sensitive data and resources. Define security requirements for them: Confidentiality, Integrity, Availability. Consider threats and abuse cases that violate these requirements.
6. Design: Apply principles for secure software design. Prevent, mitigate and detect possible attacks. Security principles: Favor Simplicity, Trust with Reluctance, Defend in Depth.
8. Implementation: Apply coding rules that implement secure design. Use automated code review techniques to find potential vulnerabilities in components: Static Analysis, Symbolic execution.
10. Testing: Penetration Testing to find potential flaws in the real system. Fuzz testing. Employ attack patterns.
11. Different methodologies: BSIMM (Building Security In – Maturity Model), http://bsimm.com; Microsoft Security Development Lifecycle, https://www.microsoft.com/en-us/sdl/; OpenSAMM Software Assurance Maturity Model, http://opensamm.org
13. Continuous Delivery of Software
15. Continuous Security: Requires security automation. Integrate into CD environment and tools: source code management systems (GitHub, Bitbucket etc.) and build systems (Travis CI, Jenkins etc.). Audit third party component and open-source library usage.
16. Takeaways: Security practices should be built in during the software development process. Continuous delivery needs continuous security.
17. Thanks! Questions? Contact @asankhaya
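Slide 15's point about auditing third party component usage inside the build system, as an added example (not from the original slides): a Python check a CI job could run, failing the build when a pinned dependency is older than the fixed version named in an advisory, or is not pinned at all. The advisory feed, package names, advisory ids and manifest below are constructed placeholders.

```python
import re

# Constructed advisory feed (placeholders): package -> (first fixed version, id).
ADVISORIES = {
    "examplelib": ("2.4.1", "EXAMPLE-ADV-0001"),
    "demo-parser": ("1.10.0", "EXAMPLE-ADV-0002"),
}

# Constructed manifest in requirements.txt style.
SAMPLE_MANIFEST = """\
# service dependencies
examplelib==2.3.9
demo-parser==1.10.0
Demo_Parser==1.9.12
unpinned-tool>=0.1
safe-package==3.0.0
"""

PIN = re.compile(r"^([A-Za-z0-9._-]+)==(\d+(?:\.\d+)*)$")


def normalize(name):
    """Treat '-', '_' and '.' as equivalent and ignore case."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version):
    """'1.10.0' -> (1, 10, 0), so 1.10.0 sorts after 1.9.12."""
    return tuple(int(part) for part in version.split("."))


def audit(manifest, advisories=ADVISORIES):
    """Return (line_number, package, reason) for every dependency that fails."""
    findings = []
    for lineno, raw in enumerate(manifest.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = PIN.match(line)
        if not match:  # an unpinned dependency cannot be audited reproducibly
            findings.append((lineno, line, "not pinned to an exact version"))
            continue
        name, version = normalize(match.group(1)), match.group(2)
        fixed_in, advisory = advisories.get(name, (None, None))
        if fixed_in and version_key(version) < version_key(fixed_in):
            findings.append((lineno, name, f"{advisory}: upgrade to >= {fixed_in}"))
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_MANIFEST)
    for lineno, package, reason in results:
        print(f"line {lineno}: {package}: {reason}")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the CI job
```

Run as a build step, the non-zero exit status is what stops the pipeline; in practice the advisory table would be loaded from whatever vulnerability feed the team already uses.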