Security & the SDLC - Marisa Fagan


Many companies use an ad hoc software development strategy that consumes as few resources as possible. Only when there is a security incident can these organizations justify change to management. We recommend a stripped-down version of the classic Secure Development Lifecycle, called "SDL Light", that recognizes the haste involved in a first release. It begins after the software is released and becomes compromised. SDL Light has two main advantages: fast response and bare-bones resource requirements. The process uniquely manages this by focusing heavily on templates for testing and on Errata's list of "20 Most Common Bugs", which identifies most security problems found in software. This process leverages the decades of combined research and on-site experience of the Errata Security pentesting team without the resource drain of housing a team of "Security Experts."

Presentation Transcript

    • Security & The SDLC
      Marisa Fagan, Security Project Manager, Errata Security
    • Who Am I?
      • Research on SDLC
      • Survey - bit.ly/ErrataSurvey
      • Security Project Manager
      • Looking Glass
      • Hamster
      • Ferret
      • AxBan
    • The Survey
      • Questions
        • Role/Company Size
        • Awareness
        • Testing
        • Methodology
        • Rant
      • Findings so far
        • No one solution for any two companies
    • Securing the SDLC
      • Many different choices
      • Decide what you can afford
      • Get creative about training
      • Short vs. long term fix
      • Make specific changes
      • Save time by swinging a wide net
      • Trust in tools
    • SDL Light
      • Start with an incident
      • Requirements: Let the tools guide you
      • Design: Use a threat template
      • Gauntlet: Run the automated tools
      • Analysis: Unit test, master one vuln at a time, be specific
      • Sanity Check: Defense in depth, check your work, Security Expert sign-off & release
    • Questions? Comments?
      • http://www.erratasec.com
      • xkcd