This talk will help developers, project managers, CIO's and anyone included in implementing a new application with an organization, understand the cost of not implementing security in each phase of the software development lifecycle (SDLC). Most projects disregard security in the early phases of the SDLC to prioritize functionality or to complete the project within the deadline. This results in a large cost to the company as these security weaknesses could pose a large amount of risk.

4. Security Consultant at Blaze Information Security
OSCP, Contributor to OWASP Cheathseet,
Twitter: iKnadt, Github: Knadt
INTRO

5. The cost of fixing security vulnerabilities
in each phase of the SDLC

7. WHAT ISTHIS SDLCYOU SPEAK OF?

8. WHERE DEFECTS ARE INTRODUCED?

9. WHERE DEFECTS ARE DISCOVERED?

10. THE COST OF FIXINGTHE DEFECTS

11. S-SDLC

12. COMPARISON

13. HOWTO DO IT?

14. SDLC: REQUIREMENTS ANALYSIS
○ Security Analysis
○ SecurityThreat Modeling

15. SDLC: DESIGN
○ SecurityTest Plan

16. SDLC: DEVELOPMENT & UNITTESTING
○ Education
○ IDE Plugin (PUMA SCAN C#)
○ Source Code Review (Manual)
○ Security White BoxTesting

17. SDLC: SYSTEMTEST
○ PenetrationTesting
○ Security Black BoxTesting
○ Vulnerability Scanning (Nessus)

18. ○ Impact Analysis of Patches
SDLC: DEPLOYMENT & RELEASE