Radostina Kondakova & Stoyan Iliev
ScaleFocus

Development of secure and qualitative applications delivered by improved and automated software development life cycle
Radostina Kondakova & Stoyan Iliev QuBit Conference Sofia 2019| 2
About us

• Senior Security Operations Engineers in the ScaleFocus Information Security team
• Passionate cyber security enthusiasts
• Dedicated to the team
Agenda

1. The "What", the "Why" and the "Where" of Cyber Security
2. Implementation of Security in the Software Development Life Cycle (SSDLC)
3. Security Benefits of Infrastructure as Code (IaC)
4. Q&A
The "What": protects data and the integrity of computing assets.
The "Why": civilization is moving towards the digital world.
The "Where": from the start of negotiating requirements and through all the steps of development, i.e. implementing security in the SDLC (SSDLC).
Software Development Cycle

1. REQUIREMENTS & PLANNING
   • Security Requirements
   • Assurance Methodologies
   • Standards & Frameworks
2. ANALYSIS
   • Risk Analysis
   • Building Checklists
   • Security Baseline
3. DESIGN
   • Secure Design Principles
   • Security Controls
   • Threat Modeling
4. IMPLEMENTATION
   • Secure Coding Practices
   • Static & Dynamic Code Analysis
   • Secure Code Reviews
5. TESTING & INTEGRATION
   • Security Testing Tools
   • Review & Response Process
   • Security Bug Handling
6. MAINTENANCE
   • Patch Management
   • 3rd Party Library Upgrades
   • Disposal Policy
Threat Modeling

Define → Diagram → Identify → Mitigate → Validate

Benefits of Threat Modeling
• Identifies threats
• Prioritization of threats
• Applicable to all phases of the SDLC
• All team members are involved
• Provides knowledge
Demo
Infrastructure as Code (IaC)

Security benefits of infrastructure as code

• Motivations
• Security Challenges
• Key Practices
• Security Stages to address
• Conclusion
Secure Motivations

• Increase agility and speed
• Increase security
• Reduce and control cost
Security Challenges

• Configuration Drift
• Human Errors
• Server Sprawl
• Service Provider Reliability
• Vendor lock-in
• Cost
IaC Key Practices
• Codify everything
• Document as little as possible
• Maintain version control
• Continuously test, integrate, and deploy
• Make your infrastructure code modular
• Make your infrastructure immutable (when possible)
Security Stages to address

• Security design
• Manual security assessment
• Continuous monitoring of live environments
• Deploying and testing in sandbox environments
• Static (infrastructure) code analysis prior to deployment
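As an added example (not code from the talk) of the "static (infrastructure) code analysis prior to deployment" stage, the following Python script lints a constructed, simplified Terraform-JSON-style definition for three common weak settings, shows the corrected definition beside it, and acts as a pipeline gate. The resource schema, the rule identifiers SG-001/BUCKET-001/ENC-001 and all sample values are assumptions made for this illustration.

```python
"""Static checks on an infrastructure-as-code definition before deployment.
Added illustration, not code from the talk: the Terraform-JSON-style schema,
rule ids and sample values below are assumptions made for this example only."""
import copy
import ipaddress
import json
from dataclasses import dataclass

# Constructed sample configuration (hypothetical schema) mixing acceptable
# settings with the weak ones the rules below are meant to catch.
SAMPLE_CONFIG = json.loads("""
{
  "resource": {
    "security_group": {
      "web": {"ingress": [
        {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        {"from_port": 22,  "to_port": 22,  "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}
      ]},
      "db": {"ingress": [
        {"from_port": 5432, "to_port": 5432, "protocol": "tcp", "cidr_blocks": ["10.0.0.0/16"]}
      ]}
    },
    "storage_bucket": {
      "logs":   {"acl": "private",     "encrypted": true},
      "assets": {"acl": "public-read", "encrypted": false}
    },
    "disk": {"data": {"encrypted": false}}
  }
}
""")

# The same definition with the weak settings corrected: SSH limited to the
# internal range, bucket made private, encryption at rest enabled everywhere.
HARDENED_CONFIG = copy.deepcopy(SAMPLE_CONFIG)
HARDENED_CONFIG["resource"]["security_group"]["web"]["ingress"][1]["cidr_blocks"] = ["10.0.0.0/16"]
HARDENED_CONFIG["resource"]["storage_bucket"]["assets"].update({"acl": "private", "encrypted": True})
HARDENED_CONFIG["resource"]["disk"]["data"]["encrypted"] = True

ADMIN_PORTS = {22, 3389}  # SSH and RDP
SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    resource: str
    message: str


def is_world_open(cidr: str) -> bool:
    """True when the CIDR admits every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_security_groups(config: dict) -> list[Finding]:
    """SG-001: an administrative port reachable from the whole internet."""
    findings = []
    for name, group in config.get("resource", {}).get("security_group", {}).items():
        for rule in group.get("ingress", []):
            world = [c for c in rule.get("cidr_blocks", []) if is_world_open(c)]
            exposed = sorted(p for p in ADMIN_PORTS if rule["from_port"] <= p <= rule["to_port"])
            if world and exposed:
                findings.append(Finding("SG-001", "HIGH", f"security_group.{name}",
                                        f"admin port(s) {exposed} open to {world}"))
    return findings


def check_storage(config: dict) -> list[Finding]:
    """BUCKET-001: bucket ACL not private; ENC-001: data at rest unencrypted."""
    findings = []
    resources = config.get("resource", {})
    for name, bucket in resources.get("storage_bucket", {}).items():
        acl = bucket.get("acl", "private")
        if acl != "private":
            findings.append(Finding("BUCKET-001", "HIGH", f"storage_bucket.{name}",
                                    f"ACL is {acl!r}, expected 'private'"))
    for kind in ("storage_bucket", "disk"):
        for name, res in resources.get(kind, {}).items():
            if not res.get("encrypted", False):
                findings.append(Finding("ENC-001", "MEDIUM", f"{kind}.{name}",
                                        "data at rest is not encrypted"))
    return findings


def analyse(config: dict) -> list[Finding]:
    return check_security_groups(config) + check_storage(config)


def deploy_allowed(config: dict, fail_on: str = "HIGH") -> bool:
    """Pipeline gate: refuse to deploy when any finding reaches `fail_on`."""
    return all(SEVERITY_RANK[f.severity] < SEVERITY_RANK[fail_on] for f in analyse(config))


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        for f in analyse(cfg):
            print(f"[{f.severity}] {f.rule} {f.resource}: {f.message}")
        print(f"{label}: deploy allowed = {deploy_allowed(cfg)}")
```

Running it against the sample definition reports one SG-001, one BUCKET-001 and two ENC-001 findings and blocks the deployment, while the hardened copy passes with no findings.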
Conclusion
Thank you

Stoyan Iliev
stoyan.iliev@scalefocus.com

Radostina Kondakova
radostina.kondakova@scalefocus.com
 
XP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to LeadershipXP 2024 presentation: A New Look to Leadership
XP 2024 presentation: A New Look to Leadership
 
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
 
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
Artificial Intelligence, Data and Competition – ČORBA – June 2024 OECD discus...
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
 
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdfBRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
 
Using-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptxUsing-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptx
 
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...Competition and Regulation in Professions and Occupations – ROBSON – June 202...
Competition and Regulation in Professions and Occupations – ROBSON – June 202...
 
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussionPro-competitive Industrial Policy – OECD – June 2024 OECD discussion
Pro-competitive Industrial Policy – OECD – June 2024 OECD discussion
 
IEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdfIEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdf
 
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
ServiceNow CIS-ITSM Exam Dumps & Questions [2024]
 
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
 
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
The Intersection between Competition and Data Privacy – OECD – June 2024 OECD...
 

Development of secure and qualitative applications delivered by improved and automated software development life cycle

  • 1. Radostina Kondakova & Stoyan Iliev, ScaleFocus. Development of secure and qualitative applications delivered by improved and automated software development life cycle
  • 2. About us (Radostina Kondakova & Stoyan Iliev, QuBit Conference Sofia 2019) • Senior Security Operations Engineers in ScaleFocus Information Security team • Passionate Cyber Security Enthusiasts • Dedicated to the team
  • 3. Agenda: 1. The "What", the "Why" and the "Where" of Cyber Security 2. Implementation of Security in the Software development life cycle (SSDLC) 3. Security Benefits of Infrastructure as a code (IaaC) 4. Q&A
  • 4. The "What": Protects data and integrity of computing assets. The "Why": Civilization moving towards the Digital world. The "Where": From the start of negotiating, requirements and passing through all the steps in development
  • 5. Implementing of Security in SDLC (SSDLC). Software Development Cycle: 1 REQUIREMENTS & PLANNING: Security Requirements, Assurance Methodologies, Standards & Frameworks. 2 ANALYSIS: Risk Analysis, Building Checklists, Security Baseline. 3 DESIGN: Secure Design Principles, Security Controls, Threat Modeling. 4 IMPLEMENTATION: Secure Coding Practices, Static & Dynamic Code Analysis, Secure Code Reviews. 5 TESTING & INTEGRATION: Security Testing Tools, Review & Response Process, Security Bug Handling. 6 MAINTENANCE: Patch Management, 3rd Party Library Upgrades, Disposal Policy
  • 6. Threat Modeling: Define, Diagram, Identify, Mitigate, Validate
  • 7. Benefits of Threat Modeling • Identifies Threats • Prioritization of threats • Applicable for all phases of SDLC • All team members are involved • Provides knowledge
  • 8. Demo
  • 9.
  • 10. Infrastructure as code (IaaC)
  • 11. Security benefits of infrastructure as code • Motivations • Security Challenges • Key Practices • Security Stages to address • Conclusion
  • 12. Motivations: Increase Agility and Speed, Increase Security, Reduce and Control Cost, Secure
  • 13. Security Challenges: Configuration Drift, Human Errors, Server Sprawl, Service Provider Reliability, Vendor lock-in, Cost
  • 14. IaC Key Practices • Codify everything • Document as little as possible • Maintain version control • Continuously test, integrate, and deploy • Make your infrastructure code modular • Make your infrastructure immutable (when possible)
  • 15. Security Stages to address: Security Design, Manual security assessment, Continuous monitoring of live environments, Deploying and testing in sandbox environments, Static (infrastructure) code analysis prior to deployment
  • 16. Conclusion
  • 17.
  • 18. Thank you. Stoyan Iliev, stoyan.iliev@scalefocus.com, LinkedIn. Radostina Kondakova, radostina.kondakova@scalefocus.com, LinkedIn
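The "static (infrastructure) code analysis prior to deployment" stage and the "configuration drift" challenge from the IaC slides, as an added example that is not part of the talk: a Python check over a constructed, hypothetical IaC spec (not any real tool's schema) that flags weak settings before anything is deployed, then diffs the declared ingress rules against a constructed live snapshot to surface drift.

```python
import ipaddress
import json

# Constructed sample in a simplified, hypothetical IaC schema (not any real
# tool's format): what the repository declares should exist.
DECLARED = json.loads("""{
  "security_groups": [
    {"name": "web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"},
                                {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"name": "db", "ingress": [{"port": 5432, "cidr": "10.0.1.0/24"}]}],
  "buckets": [
    {"name": "logs", "encrypted": false, "public": false},
    {"name": "assets", "encrypted": true, "public": true}]
}""")

# Constructed "live" snapshot: the db group was widened by hand in a console.
LIVE = json.loads("""{
  "security_groups": [
    {"name": "web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"},
                                {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"name": "db", "ingress": [{"port": 5432, "cidr": "0.0.0.0/0"}]}]
}""")

ADMIN_PORTS = {22, 3389}  # remote-administration ports; never world-reachable


def static_checks(spec):
    """Pre-deployment policy check: return findings, or [] when the spec is clean."""
    findings = []
    for sg in spec["security_groups"]:
        for rule in sg["ingress"]:
            world_open = ipaddress.ip_network(rule["cidr"]).prefixlen == 0
            if rule["port"] in ADMIN_PORTS and world_open:
                findings.append(f"{sg['name']}: port {rule['port']} open to 0.0.0.0/0")
    for b in spec["buckets"]:
        if not b["encrypted"]:
            findings.append(f"bucket {b['name']}: encryption at rest disabled")
        if b["public"]:
            findings.append(f"bucket {b['name']}: public access enabled")
    return findings


def _rules(spec):
    return {(sg["name"], r["port"], r["cidr"])
            for sg in spec["security_groups"] for r in sg["ingress"]}


def drift(declared, live):
    """Drift check: ingress rules present live but not in code, and vice versa."""
    want, have = _rules(declared), _rules(live)
    return {"unexpected": sorted(have - want), "missing": sorted(want - have)}
```

Wiring `static_checks` into the pipeline as a failing step keeps the world-open admin port and the unencrypted bucket out of the deployment; running `drift` on a schedule turns the hand-edited db group into a finding instead of silent drift.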

Editor's Notes

  1. WHAT - Cyber security protects the data and integrity of computing assets belonging to or connecting to an organization's network. Its purpose is to defend those assets against all threat actors throughout the entire life cycle of a cyber attack. Cyber security demands focus and dedication; it is a cat-and-mouse game played between business/government and the hackers. WHY - Civilization is moving towards the digital world; the cost of data breaches is rising; tighter regulations; increasingly sophisticated hackers; hacking tools are becoming widely available; a proliferation of IoT devices. WHERE - Security cannot and should not be implemented only in the last steps of development. Cyber security should take place from the beginning, starting from negotiating and requirements and passing through all the steps in development. It does not come by default; it takes extra effort and time. All team members get involved in the process.
  2. 1. Planning
     • Security Requirements: requirements for your requirements. What kinds of vulnerabilities are you looking to prevent?
     • Assurance Methodologies: define ways for preventing mistakes and defects.
     • Standards & Frameworks: define coding standards, frameworks, libraries and other tools which will be used.
     2. Analysis
     • Risk Analysis: identify and assess factors that may jeopardize the success of your project and the achievement of your goal.
     • Building Checklists: starting point to review information security related to the systems and services.
     • Security Baseline: set of basic security objectives which must be met.
     3. Design
     • Secure Design Principles: various combinations of techniques to achieve previously defined aspects of security architectural models.
     • Security Controls: safeguards or countermeasures to avoid, detect, counteract, or minimize security risks.
     • Threat Modeling: process in which potential threats can be identified and enumerated, and mitigations can be prioritized.
     4. Implementation
     • Secure Coding Practices: focus is on secure coding requirements, rather than on vulnerabilities and exploits.
     • Secure Code Reviews: defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.
     • Static & Dynamic Code Analysis: detection of vulnerabilities and functional errors in deployed or soon-to-be deployed software.
     5. Testing and Integration
     • Security Testing Tools: define the tools and infrastructure needed in order to perform proper security testing.
     • Review & Response Process and Security Bug Handling: processes used to identify security-related issues and the level of risk associated with them, and to make informed decisions about risk mitigation or acceptance.
     6. Maintenance
     • Patch Management: by promptly installing the necessary patches, system crashes and security breaches can be significantly reduced.
     • 3rd Party Library Upgrades: maintaining outdated 3rd party resources is one of the main reasons for breaches.
     • Disposal Policy: secure disposal of equipment owned by the organization but no longer required.
  3. Speed – get something to market quickly; iterate it; continuously improve it. Danger – security, performance, stability, compliance, maintainability. The goal is to make changes rapidly, frequently and responsibly. High quality services rely on the ability to make changes quickly and securely.