
App Sec Eu08 Sec Frm Not In Code

Information about App Sec Eu08 Sec Frm Not In Code
Technology

Published on January 13, 2009

Author: sammyrulez

Source: slideshare.net

Description

My presentation at App Sec Eu08 GANT

OWASP Europe Conference 2008
Security framework is not in the code
Sam Reghenzi, OWASP

Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation, http://www.owasp.org

Do we really need more security in our software?
- Number of security-related vulnerabilities (chart)
- We need to build better software

#1 What we mean by Security Framework
It is not:
- Authentication and authorization
- Encryption
- Firewall software
It could be:
- An enterprise security approach
- A risk management framework for security-related threats
- Defined steps in your (secure) development life cycle
Application security is inside the application, not around it.

Traditions (and other bad habits)
- Security is a network problem and it can be solved with hardware
- No budget in development
- Software not developed in a security-aware life cycle

Establish security in your DL
Software engineering:
- Find the best practices that fit your team or company
- Test for abuse, not only for good use
- Measure code, bugs and progress
Social engineering:
- Make good friends
- Be aware of your business compliance obligations
- Wait... something bad will happen

The ROI problem
Security in software development brings no direct revenue.
#1 Reduce costs
#2 Bring evidence of risks
#3 Sell security as a value

[Static] Code analysis: the poor man's software security
- Add security awareness in code reviews
- Add security blueprints in automatic code analysis
- Fix the codebase and third-party software

Security risk management
Manage knowledge, identify risks, rank them and fix them:
Context -> Risk -> Sort -> Fix

Security risk management
#1 Gather documentation
- Gather information from management
- Gather information from the team
- Gather information from artifacts
#2 Organize everything
#3 Make the deal

Hot stages of SDLC
Traditional: the architectural design, the development, the test, the enhancement
Agile: user stories, test driven, iterations
Touchpoints: code review, abuse cases, penetration testing, security requirements, risk analysis

Historical knowledge
- Know your enemies
- Find exploits earlier
- Find focus
- Prevent attack patterns
- Enrich the security management framework

Tips
- Jump on the high availability train
- Mitigate Web 2.0
- Deliver something concrete
- In Rome act like a Roman

Q&A
