Delivering Security
In an Agile World
7 things to remember to ensure
the software you’re developing is secure.
Imagine you’re running a shipping business…
To explain how to best fit security into your Agile
development process without slowing down the works, let’s
compare it to a shipping service.
So, instead of delivering software, imagine you’re now
delivering packages—really important packages.
Get your priorities straight.
Each package represents a feature that
someone wants in your software. Some are
very important and must be delivered ASAP.
Others can wait for a future delivery.
Keep on keepin’ on.
A driver that delivers packages to the right
addresses, on time, without losing them or
breaking them is like a software development
team that delivers a well-defined set of features
by the pre-determined release date. To keep to
the schedule, change things as you go rather
than backtracking.
Don’t cram the van, man.
When selecting what items to deliver each day,
it’s important to remember that the van can only
carry so much stuff at a time. Likewise, Agile
development teams have a notion of “how big
the van is.”
A sprint is no more stretchable than
the sides of a delivery van.
If all your eggs don’t fit in one
basket…
If someone orders a dozen eggs, but you can
only fit ten in the van, take ten now and two
later. Likewise, if a feature is too big for a sprint,
break it up into several sprints.
You can’t deliver half an egg (without
getting really messy). Likewise, there
are limits to how some features can
be broken down.
Handle with care.
Taking the time to fill the empty space in each
box with packing peanuts is worth the extra
effort. It’ll save you the cost and time it takes to
replace a broken item. Likewise, building
security into your SDLC will reduce the time and
money it takes to implement corrections in
future sprints.
The accumulation of replacement
items that need to be delivered is
called “technical debt.”
When life gives you golf balls…
Giving your development team a code scanning
report with 25,000 results is like giving them
a crate of 25,000 golf balls and asking them
to ship each one individually.
It’s absurdly inefficient.
Security issues should be packaged
in a way that makes it easier for
developers to deliver.
Put the pedal to the metal.
Here are 3 tips to help you
deliver security successfully in an
Agile world.
1. Security needs to meet the developers
where they work.
Provide security assessment results in a format
that is consumable by the development team.
2. Agile software development methods work.
If you put security on your development team’s
list of goals, then they will build what is needed
to reach it.
3. The goal is to create secure software.
There is no need to make security artifacts for
the sake of making security artifacts.
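To make the golf-ball point, the van-capacity point and tip 1 concrete, here is an added example in Python; it is not code from the Cigital deck. It collapses a constructed SARIF-like scan report into one work item per rule and file, drops exact duplicates, orders the items by severity and spread, and then splits them into sprint-sized batches, splitting an oversized item across sprints the way the eggs are split across deliveries. The `ruleId` and `level` field names follow SARIF; the sample findings, file paths, rule names and the capacity figure are all constructed for the example.

```python
"""Package raw scanner findings into developer-sized work items and sprint batches.

Added example, not code from the Cigital deck. The input is a constructed,
minimal SARIF-like result list; the ruleId / level field names mirror the
real SARIF names, but the findings, paths and rule names are made up.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Lower rank = fix first (SARIF "level" values).
SEVERITY_RANK = {"error": 0, "warning": 1, "note": 2}

# Constructed sample report. A real 25,000-result report collapses the same way.
SAMPLE_RESULTS = [
    {"ruleId": "sql-injection", "level": "error", "file": "src/orders.py", "line": 42},
    {"ruleId": "sql-injection", "level": "error", "file": "src/orders.py", "line": 88},
    {"ruleId": "sql-injection", "level": "error", "file": "src/orders.py", "line": 130},
    {"ruleId": "sql-injection", "level": "error", "file": "src/reports.py", "line": 10},
    {"ruleId": "hardcoded-secret", "level": "error", "file": "src/config.py", "line": 3},
    {"ruleId": "weak-hash", "level": "warning", "file": "src/auth.py", "line": 57},
    {"ruleId": "weak-hash", "level": "warning", "file": "src/auth.py", "line": 57},  # exact duplicate
    {"ruleId": "weak-hash", "level": "warning", "file": "src/auth.py", "line": 91},
    {"ruleId": "unused-import", "level": "note", "file": "src/orders.py", "line": 1},
    {"ruleId": "unused-import", "level": "note", "file": "src/reports.py", "line": 1},
]


@dataclass
class WorkItem:
    """One deliverable: a single rule in a single file, with every line it fires on."""
    rule_id: str
    level: str
    file: str
    lines: list[int]

    def title(self) -> str:
        return f"[{self.level}] {self.rule_id} in {self.file} ({len(self.lines)} locations)"


def package_findings(results: list[dict]) -> list[WorkItem]:
    """Collapse raw results into one work item per (rule, file), dropping exact
    duplicates, ordered so the most severe and most widespread issues come first."""
    lines_by_key: dict[tuple[str, str], set[int]] = defaultdict(set)
    level_by_key: dict[tuple[str, str], str] = {}
    for r in results:
        key = (r["ruleId"], r["file"])
        lines_by_key[key].add(r["line"])  # a set silently absorbs duplicate hits
        level_by_key[key] = r["level"]
    items = [
        WorkItem(rule, level_by_key[(rule, path)], path, sorted(lines))
        for (rule, path), lines in lines_by_key.items()
    ]
    items.sort(key=lambda w: (SEVERITY_RANK.get(w.level, 99), -len(w.lines), w.rule_id, w.file))
    return items


def plan_sprints(items: list[WorkItem], capacity: int) -> list[list[WorkItem]]:
    """Greedy fill: each sprint takes at most `capacity` fix locations (the van only
    carries so much). A work item larger than the room left is split across sprints,
    like shipping ten eggs now and two later."""
    if capacity < 1:
        raise ValueError("capacity must be at least 1")
    sprints: list[list[WorkItem]] = []
    current: list[WorkItem] = []
    room = capacity
    for item in items:
        pending = list(item.lines)
        while pending:
            if room == 0:  # van is full: close this sprint and start the next
                sprints.append(current)
                current, room = [], capacity
            take, pending = pending[:room], pending[room:]
            current.append(WorkItem(item.rule_id, item.level, item.file, take))
            room -= len(take)
    if current:
        sprints.append(current)
    return sprints


if __name__ == "__main__":
    # Assumed capacity of four fix locations per sprint; tune it to the team's real velocity.
    for n, sprint in enumerate(plan_sprints(package_findings(SAMPLE_RESULTS), capacity=4), 1):
        print(f"Sprint {n}:")
        for w in sprint:
            print("  ", w.title(), "lines", w.lines)
```

Ten raw results become six work items (the duplicate `weak-hash` hit disappears), and with a capacity of four the items land in three sprints rather than arriving as a flat list of individual results. The severity ordering keeps the injection and secret findings in the first batch, which is the "package it so developers can deliver" point the deck makes.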
Ready to get moving?
FIND OUT HOW