Building better product security

BSides Kyiv 2016 Presentation by Stanislav Breslavskiy

  1. Building better product security: an engineering approach
  2. Who we are
  3. Client was hacked
  4. Security assessment of a completed product...
  5. ...is sometimes not good enough either
  6. Secure Development Lifecycle
  7. Engineer becomes a part of the team
  8. How the security process looks in reality: a 3rd-party or internal audit finds a ton of security defects, so the team goes back to re-coding, re-building, re-testing and re-auditing; then the process of re-coding, re-building, re-testing and re-auditing starts again
  9. Generic approach for security (Secure SDLC), one set of activities per phase:
     Design: security requirements / risk and threat analysis
     Build: coding guidelines / code reviews / static analysis
     Test: security testing / dynamic analysis
     Production: vulnerability scanning / WAF
     The slide labels the Design, Build and Test activities the proactive approach and the production controls the reactive approach.
  10. Defining security requirements for a project
  11. Developing coding guidelines and static code analysis
  12. Security testing
  13. Vulnerability testing
  14. Common SDLC fails
  15. CODE
  16. It is not a vulnerability, it is a feature
  17. Installing an application built under an SDLC on a vulnerable environment
  18. SDLC makes everyone happy
  19. Such an approach may eventually save one's business
  20. Questions?
  21. Thanks! http://owasp-lviv.blogspot.com
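Slide 11 pairs coding guidelines with static code analysis, and slide 9 places both in the Build phase. The following is an added example, not code from the deck or from the presenter, of what that pairing looks like in practice: a hypothetical guideline ("no eval()/exec(), no subprocess calls with shell=True") enforced by a small AST-based checker that fails the build when it finds a violation. The sample source it scans is constructed for the example, as are the rule names.

```python
"""Added example: enforce a coding guideline with a small static-analysis check.

Hypothetical guideline (assumed for this example, not taken from the slides):
application code must not call eval()/exec() and must not invoke subprocess
with shell=True. Intended to run in CI, where a non-zero exit fails the build.
"""
import ast
from dataclasses import dataclass

# Constructed sample source to scan; it is not real project code.
SAMPLE_SOURCE = '''
import subprocess

def run_report(user_arg):
    # violates the guideline: shell=True with attacker-influenced input
    subprocess.run("report --name " + user_arg, shell=True)

def run_report_safe(user_arg):
    subprocess.run(["report", "--name", user_arg])  # compliant: argv list, no shell

def load(expr):
    return eval(expr)  # violates the guideline
'''


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


class GuidelineChecker(ast.NodeVisitor):
    """Walks the AST and records every call that breaks the guideline."""

    BANNED_BUILTINS = {"eval", "exec"}
    SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}

    def __init__(self):
        self.findings = []

    def visit_Call(self, node):
        name = self._call_name(node)
        if name in self.BANNED_BUILTINS:
            self.findings.append(Finding("no-eval", node.lineno, f"{name}() is banned"))
        elif name in {f"subprocess.{f}" for f in self.SUBPROCESS_FUNCS}:
            for kw in node.keywords:
                # Only a literal True is flagged; a variable would need data-flow analysis.
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append(
                        Finding("no-shell-true", node.lineno, f"{name} called with shell=True")
                    )
        self.generic_visit(node)  # keep descending: nested calls are arguments of this one

    @staticmethod
    def _call_name(node):
        """Return 'name' or 'module.attr' for simple call targets, else None."""
        func = node.func
        if isinstance(func, ast.Name):
            return func.id
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            return f"{func.value.id}.{func.attr}"
        return None


def check_source(source, filename="<string>"):
    """Parse one file's source and return its findings sorted by line number."""
    tree = ast.parse(source, filename=filename)
    checker = GuidelineChecker()
    checker.visit(tree)
    return sorted(checker.findings, key=lambda f: f.line)


def main():
    findings = check_source(SAMPLE_SOURCE, "sample.py")
    for f in findings:
        print(f"sample.py:{f.line}: [{f.rule}] {f.message}")
    # A non-zero exit status is what makes the guideline enforceable in CI.
    raise SystemExit(1 if findings else 0)


if __name__ == "__main__":
    main()
```

Run as a script it prints the two violations in the constructed sample and exits with status 1; wired into a CI job, that exit status is what turns a written guideline into one the build actually enforces. The check deliberately only matches a literal `shell=True`; anything routed through a variable is a job for a real analyzer with data-flow tracking, which is the trade-off to keep in mind when writing lightweight custom rules.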

×