Security & The SDLC
        Marisa Fagan
   Security Project Manager
       Errata Security
Many companies are using an ad hoc software development strategy that uses as few resources as possible. Only when there is a security incident can these organizations justify change to management. We recommend a stripped-down version of the classic Secure Development Lifecycle called "SDL Light" that recognizes the haste involved in a first release. It begins after the software is released and becomes compromised. SDL Light has two main advantages: fast response and bare-bones resource requirements. The process uniquely manages this by heavily focusing on templates for testing and Errata's list of "20 Most Common Bugs", which identifies most security problems found in software. This process leverages the decades of combined research and on-site experience of the Errata Security pentesting team without the resource drain of housing a team of "Security Experts."

Transcript of "Security & the SDLC - Marisa Fagan"

  1. Security & The SDLC
     Marisa Fagan, Security Project Manager, Errata Security
  2. Who Am I?
     • Research on SDLC
       • Survey - bit.ly/ErrataSurvey
     • Security Project Manager
       • Looking Glass
       • Hamster
       • Ferret
       • AxBan
  3. The Survey
     • Questions
       • Role/Company Size
       • Awareness
       • Testing
       • Methodology
       • Rant
     • Findings so far
       • No one solution for any two companies
  4. Securing the SDLC
     • Many different choices
     • Decide what you can afford
     • Get creative about training
     • Short vs. Long term fix
     • Make specific changes
     • Save time by swinging a wide net
     • Trust in tools
  5. SDL Light
     • Start with an incident
     • Requirements: Let the tools guide you
     • Design: Use a threat template
     • Gauntlet: Run the automated tools
     • Analysis: Unit test, master one vuln at a time, be specific
     • Sanity Check: Defense in Depth, check your work, Security Expert sign off & release
  6. Questions? Comments?
     • http://www.erratasec.com
     (xkcd comic)