SOFTWARE SECURITY GOVERNANCE
Ministry of Communication and Informatics
Information Security

CONFIDENTIAL
Adoption of Open SAMM for Developing Software Security Governance

Published on

Introduction to Open SAMM by Ivano Aviandi (CEO of Cybertech Solusindo, lecturer, information security practitioner)

presented at the Public Discussion on Software Security Governance
Hotel Sahid Jaya Jakarta, 7 November 2013

Published in: Technology

  1. SOFTWARE SECURITY GOVERNANCE, Ministry of Communication and Informatics
  2. Information Security
  3. Introduction
  4. Introduction
  5. Introduction
  6. Introduction: Security Guideline
  7. Open SAMM: Secure Software Development
     • Governance: Strategy & Metrics; Policy and Compliance; Education and Guidance
     • Construction: Threat Assessment; Security Requirements; Secure Architecture
     • Verification: Design Review; Code Review; Security Testing
     • Deployment: Vulnerability Management; Environment Hardening; Operational Enablement
  8. Information Security Institute
     • Requirement: Security Requirement; Setting up Phase Gates; Risk Assessment
     • Design: Identify Design Sec. Req.; Arch and Design Review; Threat Modeling
     • Coding: Coding Best Practice; Perform Static Analysis
     • Testing: Vulnerability Assessment; Fuzzing
     • Deployment: Srv. Configuration Review; Net. Configuration Review
  9. FoundStone - McAfee: Requirement; Design; Implementation; Verification; Release
     SANS Institute: Analysis and Design; Develop; Testing and Implementation; Deployment; Support and Services
  10. How About? Secure Software Development
     • Governance: Strategy & Metrics; Policy and Compliance; Education and Guidance
     • Construction: Threat Assessment; Security Requirements; Secure Architecture
     • Implementation: Coding w/ Best Practice Guidance
     • Verification: Design Review; Code Review; Security Testing
     • Deployment: Vulnerability Management; Environment Hardening; Operational Enablement
  11. Implementation
     • Account Security Mechanism: Username & Password Quality; Account and Password Ages Policy; Lock Account Policy; Lockout Duration; Transmission Process
     • Session Management: Session Termination; Cookies Management; Dynamic Token; Multiple Session
     • Input & Output Based Handling: Input Validation; Display Error; File Validation; Meta Character Filtering
  12. Sample Case
  13. Man in the Middle Attack
  14. Man in the Middle Attack
     • Construction: Threat Assessment; Security Requirement; Security Architecture
     • Implementation: Account Security Mechanism; Session Management
  15. Thank You. Q and A