Basic of SSDLC

Software Security Development Life Cycle

Published in: Technology, News & Politics

  1. Secure Software Development Life Cycle (SSDLC), Chitpong Wuttanan
  2. No security process, or security is the last priority
  3. Microsoft Security Development Lifecycle: http://www.microsoft.com/security/sdl/discover/default.aspx
  4. If you are the developer, at which step do you do security?
  5. Goals of Basic Security
       • C = Confidentiality
  6. I = Integrity
  7. A = Availability
  8. What must a developer know?
       • What a threat is
           • (www.owasp.org)
       • Cheat sheets and prevention cheat sheets
           • Search on Google
       • How to hack and how to protect
           • (www.zone-h.com, www.xssed.com)
       • Benchmark security of tools
           • (www.cisecurity.org)
  9. Penetration test drive
       • False negative
           • Do it correctly, software responds incorrectly
       • False positive
           • Do it incorrectly, software responds correctly
  10. Start to improve security
       • Log
           • Keep logs of abnormal events
       • Requirement
           • What to secure in the software, and where
       • Know everything in the environment
           • Input data
  11. Output data
  12. “We wouldn't have to spend so much time and effort on network security if we didn't have such bad software security” Bruce Schneier (Security Guru). “Security isn't just an IT issue. It's everyone's business.”
