Date posted: 16-Apr-2017
Category: Technology
Upload: bohdan-serednytskyi
Building better product security: an engineering approach
Who we are
Client was hacked
Security Assessment of completed product…
…is not good enough sometimes either
Secure Development Lifecycle
Engineer becomes a part of team
How security process looks in reality
Then the process of re-coding, re-building, re-testing and re-auditing starts
3rd party or internal audit
Tons of security defects
BACK to re-coding, re-building, re-testing, re-auditing
Generic Approach for Security
Design: security requirements / risk and threat analysis
Build: coding guidelines / code reviews / static analysis
Test: security testing / dynamic analysis
Production: vulnerability scanning / WAF
Reactive Approach / Proactive Approach
Secure SDLC
Defining security requirements for a project
Developing coding guidelines and static code analysis
Security testing
Vulnerability testing
Common SDLC fails
CODE
It is not a vulnerability, it is a feature
Installing the application on a vulnerable environment after the SDLC
SDLC makes everyone happy
Such an approach may eventually save one’s business
Questions?
Thanks!
http://owasp-lviv.blogspot.com