Secure Apps, Applications & Code
• Developed using: Waterfall / Agile / Wagile etc.
• Secure code costs: ~14% more*
• Microsoft's SDL (Security Development Lifecycle) is too expensive for most
• BSIMM is far more practical
• Segregation (of duties and environments) also costs
• Requirements / Stories: Risk review
• Design / Architecture: Threat model and review
• Implementation: Secure* frameworks and code review
• Test: Fuzzing, penetration tests etc.
• Sustainment: defence in depth (DiD) and quick patching
• Teams: rarely have the skills
• All: see it as a chore / gate
• Distributed teams make it complex
• Engineers' natural communication skills (or lack of them) are also a challenge
• COTS / components make it complex
Threat modelling: Example
Web app that uses a fully patched jQuery
What’s the threat?
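Two threats that a fully patched jQuery does not remove, as an added example (not from the slides): the library being served from a third-party host with no Subresource Integrity pin, and untrusted data reaching a jQuery HTML sink. The script below is hypothetical illustration code that lints page HTML for both; the sample page, its URLs and the integrity value are constructed.

```javascript
// Added example, not from the slides: two threats a fully patched jQuery does
// not remove, found by a quick static check over page HTML (hypothetical code).
//  1. jQuery fetched from a third-party host with no Subresource Integrity hash:
//     a hijacked or compromised CDN serves whatever script it likes.
//  2. Untrusted data reaching a jQuery HTML sink (.html(), .append(), $(...)):
//     DOM XSS regardless of the library's patch level.

const HTML_SINKS = ['html', 'append', 'prepend', 'after', 'before', 'replaceWith'];

// Scripts loaded from another origin that carry no integrity attribute.
function findUnpinnedScripts(html) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue;                                   // inline script: nothing to pin
    const external = /^(?:https?:)?\/\//i.test(src[1]);
    const pinned = /\bintegrity\s*=\s*["']sha(?:256|384|512)-/i.test(attrs);
    if (external && !pinned) findings.push(src[1]);
  }
  return findings;
}

// A plain string literal (or a template literal without ${...}) is constant.
function isConstantString(arg) {
  if (/^(['"])(?:(?!\1).)*\1$/.test(arg)) return true;
  return /^`[^`]*`$/.test(arg) && !arg.includes('${');
}

// Calls to jQuery HTML sinks, including the bare $(...) / jQuery(...) form
// (which parses its argument as HTML when it starts with "<"), whose argument
// is anything other than a constant string. One level of nested parens is kept.
function findDynamicSinks(html) {
  const findings = [];
  const callRe = new RegExp(
    '(?:\\.(' + HTML_SINKS.join('|') + ')|(?<![\\w$.])(\\$|jQuery))' +
    '\\s*\\(\\s*((?:[^()]|\\([^()]*\\))*)\\)', 'g');
  const scriptBodyRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  let s;
  while ((s = scriptBodyRe.exec(html)) !== null) {
    let c;
    while ((c = callRe.exec(s[1])) !== null) {
      const sink = c[1] || c[2];
      const arg = c[3].trim();
      if (arg === '' || isConstantString(arg)) continue;  // getter form or constant
      findings.push({ sink, arg });
    }
  }
  return findings;
}

// Constructed sample page (URLs and the integrity value are placeholders).
const SAMPLE_PAGE = `<!doctype html>
<html><head>
<script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
<script src="https://cdn.example/vendor.js" integrity="sha384-placeholder" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>
</head><body>
<div id="out"></div><ul id="list"></ul>
<script>
  var q = new URLSearchParams(location.search).get('q');
  $('#out').html('Results for: ' + q);    // untrusted data into an HTML sink
  $('#list').append('<li>static</li>');   // constant markup, fine
  $(location.hash);                        // selector sink: a hash starting with "<" is parsed as HTML
  $('#out').text(q);                       // .text() escapes, not a sink
</script>
</body></html>`;

if (typeof require !== 'undefined' && require.main === module) {
  console.log('Unpinned third-party scripts:', findUnpinnedScripts(SAMPLE_PAGE));
  console.log('Dynamic HTML sinks:', findDynamicSinks(SAMPLE_PAGE));
}
```

On the sample page the lint reports the unpinned jQuery script, the `.html()` call fed from the query string and the bare `$(location.hash)`; the `.text()` call and the constant `.append()` pass. It is a regex pass, not a JavaScript parser, so treat it as a triage aid for a threat model or code review rather than proof of absence: it misses data that reaches a sink through a variable assigned elsewhere, and it cannot see scripts loaded at runtime.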
• Good code review is hard
• Good code reviewers are rare
• Difficult to keep people focused (~3 hours a day)
• The most reliably exploitable vulnerabilities are logic flaws, which need confidence, understanding and time to find
General developer, test & ops hygiene
• Often have high privileges on their own machine
• Responsible for own patching
• External e-mail / web on machines
• Testers are often contractors because demand fluctuates
• Code-signing certificates and keys checked into version control (CVS etc.)
Manchester - Head Office
North American Offices
Amsterdam - Netherlands
Munich - Germany
Zurich - Switzerland