
Secure development 2014



Published in: Technology


  1. How does the CIO deliver? With good vibrations… Sigal Russin & Pini Cohen / Copyright@2014. Do not remove source or attribution from any slide, graph or portion of graph. Pini Cohen, Sigal Russin, STKI “IT Knowledge Integrators”, pini@stki.info, sitalr@stki.info
  4. STKI index website 2
  5. STKI index website 3
  6. New business scenario: big maneuvers vs. small gains. Examples: Walmart, social time to respond, smaller telemarketing list.
  7. Or: take full advantage.
  8. Why does IT need to adapt? Source (2006): http://cacm.acm.org/magazines/2006/10/5805-why-spoofing-is-serious-internet-fraud/abstract. A 2006 e-banking site vs. DX.com: comparison engines, alerts, wish lists, social media integration, A/B testing, web analytics, recommendation engines, likes, and much more.
  9. These new systems are called “Systems of Engagement”. Source: http://www.agencyport.com/blog/?attachment_id=3713
  10. IT is divided into two distinct “worlds”: invest in new systems, long development and deployment cycles, reduce operating expenses; versus touch people, in-moment decisions, personalized and in-context, social and analytics driven, short and rapid releases.
  11. Pini Cohen and Sigal Russin's work, Copyright@2013. Do not remove source or attribution from any slide, graph or portion of graph. Domains of change: focus on generating business value through agility and flexibility: Agile development, BYOD / BYO everything, public cloud, open source, big data, DevOps, mobile first, commodity HW (or specific build). Source: http://highscalability.com/blog/2012/5/7/startups-are-creating-a-new-system-of-the-world-for-it.html with STKI modifications.
  12. Lately “I was not happy” (corporate IT situation).
  13. This year is “Good Vibrations Year”: continuous integration with Jenkins; agile development projects; open source code in governmental projects; initial Hadoop and NoSQL projects; users deploy CRM and other strategic applications in SaaS; corporate sites at Azure; email at 365 and Google; web apps developed in PHP and Python; users consider Puppet, Chef, OpenStack. Not in all organizations, not in all areas, but still, organizations are starting to embrace contemporary technologies and processes!
  14. The current “kings” are threatened. Cisco: SDN (OpenFlow, Nicira); mobile market share; traction of startups and cloud providers. Microsoft. HP: lower margins in printers, servers, PCs. VMware: open source alternatives (OpenStack); NoSQL/Hadoop; cloud SaaS. Oracle. Monitoring vendors (CA, BMC, HP, IBM): monitoring is provided by platforms (cloud, PaaS, etc.); public cloud; software defined storage; NoSQL/Hadoop. Storage vendors (EMC, NetApp, etc.). Red Hat: CentOS.
  15. Major application development trends: mobile first; responsive web; client-based web applications (with REST APIs); proliferation of web JS frameworks and development tools in general; development on cloud, PaaS frameworks (Cloud Foundry, OpenShift); continuous integration/deployment, DevOps, Docker; microservices.
  16. Major security trends. IT is not only changing information security tools but also the internal vision of security inside your business.
  17. For a start: development problems. Buffer overflow: a write that crosses the amount of memory allocated to a buffer. It allows an attacker to reach outside the buffer and overwrite important data while the program keeps running; in many cases, exploiting this weakness allows code injected by the attacker to run.
  18. Development problems. DoS (denial of service). Ping of death: because of today's increased bandwidth, this attack no longer poses a risk. Local denial of service: “stealing” all available memory from the operating system, as well as preventing service by blocking regular work on the computer.
  19. Development problems. Distributed denial of service: many different points make one or more requests to a particular service on a network; it is usually carried out through many computers controlled by a single operator. Code injection (cross-site scripting, HTML/JavaScript, SQL injection): the user can enter any code to be run through the software, and do whatever they wish through the code they injected. Race condition (resource condition): resource conflicts in software, where a resource (such as shared memory) is used by more than one part of the software's code.
  20. Development vs. security.
  21. Agenda for discussion: What is an “ideal” development process with information security involvement, with information security representation in the development division? Products for secure development, including cloud products. The information security budget at the start of a development project. How to improve organizational processes already at the development stage from a security standpoint. Tips and recommendations from organizations on the subject.
  22. Thank you!
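The buffer overflow described in slide 17 comes down to a copy that trusts the source's length instead of the destination's size. The following C example is added here and is not part of the STKI slides: it shows the unsafe pattern as a comment and a hardened copy routine that takes the destination size explicitly and rejects input that would not fit. The buffer size, the input strings and the helper names (`copy_name_safe`, `try_copy`, `run_checks`) are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16   /* constructed fixed-size buffer, as on a typical stack */

/* Vulnerable pattern (shown only as a comment, never compiled in):
 *     char name[NAME_LEN];
 *     strcpy(name, untrusted);      -- copies until NUL, ignores NAME_LEN
 * A source longer than 15 bytes writes past 'name' into adjacent stack data,
 * which is the overflow the slide describes.
 */

/* Hardened copy: the destination size is an explicit parameter, the source
 * length is measured without reading past dst_len bytes, and oversize input
 * is rejected instead of silently truncated. Returns bytes copied or -1. */
int copy_name_safe(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;

    size_t n = 0;
    while (n < dst_len && src[n] != '\0')   /* bounded scan, at most dst_len bytes */
        n++;
    if (n == dst_len)                        /* no room left for the terminator */
        return -1;

    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* Copies src into a local NAME_LEN buffer and returns the result code, so
 * the check can be exercised with a single call (constructed helper). */
int try_copy(const char *src)
{
    char name[NAME_LEN];
    return copy_name_safe(name, sizeof name, src);
}

/* Exercises the check on two constructed inputs: one that fits and one that
 * would have overflowed a 16-byte buffer under strcpy. Returns the number of
 * inputs rejected (expected: 1). */
int run_checks(void)
{
    char name[NAME_LEN];
    const char *inputs[] = {
        "alice",                                     /* fits */
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"           /* 32 bytes: would overflow */
    };
    int rejected = 0;
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = copy_name_safe(name, sizeof name, inputs[i]);
        if (rc < 0) {
            rejected++;
            printf("rejected input %zu (too long for %zu-byte buffer)\n", i, sizeof name);
        } else {
            printf("copied %d bytes: \"%s\"\n", rc, name);
        }
    }
    return rejected;
}

int main(void)
{
    return run_checks() == 1 ? 0 : 1;
}
```

The important design choice is that the function fails loudly on oversize input rather than truncating: silent truncation keeps the program running but can produce a different value than the caller expected, which is its own class of bug. Passing `sizeof name` at every call site also keeps the size check next to the buffer declaration, so a later change to `NAME_LEN` cannot leave a stale constant behind.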
