These slides will give you an overview of Application Security Risk Assessment form an SDLC stand-point. Further, the methods used for risk assessment during various phases of SDLC are also discussed.
2. Why Risk Assessment?
Risk assessment process helps to identify the risks.
The identified risk can be mitigated and brought
down to an acceptable level.
3. Risks & SDLC
It is always a good idea to identify the risks during the
various stages of SDLC ( Software Development Life Cycle).
This will ensure that the risks are mitigated before
proceeding to the next phase.
4. Risk Assessment During SDLC
Design Phase
Threat Modelling
Development Phase
Secure Code Review
Testing Phase
Security Testing
5. Risk Assessment methods…
Threat Modelling
Helps to identify the risks at the early stages of the development. Threat Modelling if done religiously in
the design phase, will identify the threats and can be fixed before entering the coding phase.
Secure Code Review
Helps to identify the flaws in the code and stops a potential vulnerability that may be exploited by an
attacker. Secure code review involves manual process and the use of automated tools
Security Testing
In the testing phase, apart from the functional testing, security testing shall also be performed. This
involves vulnerability assessment and penetration testing. These tests helps to ensure that the
potential flaws are identified and fixed before the release.
7. Application Security Risk Assessment is a continuous process. The
challenge is to ensure that risks are identified and brought down to
an acceptable level.
Summary