Avoiding the Pitfalls of Secure SDLC

Post on 16-Feb-2016

description

Avoiding the Pitfalls of Secure SDLC. Succeeding with Automation. Introductions. Status Quo. Where we find flaws today. Highest ROI. Look familiar?. Relative cost to fix, based on time of detection. Source: NIST. February 2012 Report from Quocirca. Results of an Open SAMM Assessment. - PowerPoint PPT Presentation

transcript

Avoiding the Pitfalls of Secure SDLC

Succeeding with Automation

Introductions

Status Quo

[Chart: Relative cost to fix, based on time of detection. X-axis (phase of detection): Requirements / Architecture; Coding; Integration / Component Testing; System / Acceptance Testing; Production / Post-Release. Y-axis (cost multiplier): 1x to 36x. Source: NIST]

Highest ROI

Where we find flaws today

Look familiar?

February 2012 Report from Quocirca

Results of an Open SAMM Assessment

Problems with Verification

Security Requirements

[Pie chart: 42% / 58% split. Legend, in the order extracted: "Not covered by scanners"; "Can be caught by scanners"]

Scaling: Self-Serve

Solution: Automated, Criteria-based

Requirements Generation

Context

Matched Against Rules

Generates Threats

Matched Against Rules

Which Have Countermeasures

Apply the context for specific guidelines

And (Optionally) Import into ALM
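The slides above describe a criteria-based pipeline: an application's context is matched against rules that generate threats, each threat is matched against rules that attach countermeasures, the context is then applied again to select specific guidelines, and the result can optionally be exported to an ALM tool. The following is an added illustration of that pipeline in Python; it is not SD Elements' code, and the rule set, context attributes and guideline texts are constructed sample data, not a real product's rule base.

```python
"""Rule-based security requirements generator (hypothetical example).

Pipeline shown on the slides: context -> threat rules -> threats ->
countermeasure rules -> context-specific guidelines -> ALM tickets.
All rules below are constructed samples, not a real rule set.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatRule:
    """A threat applies when every attribute in `requires` is in the context."""
    threat: str
    requires: frozenset


@dataclass(frozen=True)
class Countermeasure:
    """A generic requirement plus context-specific guideline variants."""
    requirement: str
    guidelines: dict  # context attribute (e.g. a language) -> specific guidance


# Constructed sample threat rules (hypothetical).
THREAT_RULES = (
    ThreatRule("SQL injection", frozenset({"web", "relational_db"})),
    ThreatRule("Cross-site scripting", frozenset({"web", "renders_user_input"})),
    ThreatRule("Weak credential storage", frozenset({"stores_credentials"})),
    ThreatRule("Eavesdropping on personal data", frozenset({"handles_pii", "network"})),
)

# Constructed sample countermeasure rules (hypothetical).
COUNTERMEASURES = {
    "SQL injection": Countermeasure(
        "Use parameterised queries for all database access",
        {
            "python": "Pass values via DB-API parameters: cursor.execute(sql, params).",
            "java": "Use PreparedStatement with bound parameters for every query.",
        },
    ),
    "Cross-site scripting": Countermeasure(
        "Contextually output-encode all user-controlled data",
        {"python": "Keep Jinja2 autoescape on; never mark user data as safe."},
    ),
    "Weak credential storage": Countermeasure(
        "Hash passwords with a slow, salted password hash",
        {"python": "Use hashlib.scrypt or a bcrypt/argon2 library, never plain SHA-256."},
    ),
    "Eavesdropping on personal data": Countermeasure(
        "Encrypt personal data in transit with TLS",
        {},
    ),
}


def generate_threats(context):
    """Step 1: match the context against the threat rules."""
    ctx = frozenset(context)
    return [rule.threat for rule in THREAT_RULES if rule.requires <= ctx]


def generate_requirements(context):
    """Steps 2-3: attach countermeasures, then apply the context for specific guidelines."""
    ctx = frozenset(context)
    results = []
    for threat in generate_threats(ctx):
        cm = COUNTERMEASURES[threat]
        # Keep only guideline variants whose key (e.g. a language) is in the context.
        specific = [text for attr, text in cm.guidelines.items() if attr in ctx]
        results.append({
            "threat": threat,
            "requirement": cm.requirement,
            "guidelines": specific,
        })
    return results


def to_alm_tickets(requirements):
    """Optional step: render each requirement as an importable (title, body) pair."""
    tickets = []
    for req in requirements:
        body = f"Threat: {req['threat']}\n"
        for guideline in req["guidelines"]:
            body += f"- {guideline}\n"
        tickets.append((f"[Security] {req['requirement']}", body))
    return tickets


if __name__ == "__main__":
    # Constructed context for a Python web app with a relational database and logins.
    app = {"web", "relational_db", "python", "stores_credentials"}
    for title, body in to_alm_tickets(generate_requirements(app)):
        print(title)
        print(body)
```

The design point is that the same rule base serves every team self-serve: a team only supplies its context attributes, and the generated requirements are already phrased for its stack, which is what makes the output importable into a backlog without a security reviewer rewriting each item.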

Program Justification: $4k to find vuln in production

rohit@sdelements.com, ehsan@sdelements.com