Glenn ten Cate Riccardo ten Cate
Project leaders & Authors of OWASP-SKF
Agenda
• Why?
• Software (AND Security) development life cycle
Evil and automated ownage
Developer, you are the one
Coding mistakes, déjà vu.
Barely hanging on …
But there is always an option!
There are ways to learn!
• Worldwide not-for-profit charitable organization.
• Our mission is to make software security visible, so that
individuals and organizations worldwide can make
informed decisions about true software security risks.
Be responsible for your code.
Verify your code
• ASVS Level 1: Opportunistic
The application adequately defends against application security vulnerabilities that are easy to discover.
• ASVS Level 2: Standard
The application adequately defends against prevalent application security vulnerabilities whose existence poses moderate-to-serious risk.
• ASVS Level 3: Advanced
The application adequately defends against all advanced application security vulnerabilities, and also demonstrates principles of good security design.
And now the blind can see.
What is S.K.F.?
• Guide to secure programming
By adapting your design to security, not securing your design.
• Security awareness
It informs you about threats even before you write a single line of code.
• Clear and transparent
Provides information applicable to your specific needs on the spot.
Demo
You know this, you are ready.
SDLC MANUAL
• OWASP-SKF
• Software Development Life Cycle
• Code review
• SAST
• DAST
SDLC CI
• OWASP-SKF
• Software Development Life Cycle
• Travis CI
• Coveralls CI
• Scrutinizer CI
• And more...
GitHub
• https://github.com/blabla1337/skf-flask
You have the skills …
… you are the one.
Getting involved?
• OWASP
https://www.owasp.org/index.php/OWASP_Security_Knowledge_Framework
• Website
www.secureby.design
Together we can make it big, strong and helpful!
You are only as strong as the weakest developer in your team.
Questions?
https://gitter.im/Security-Knowledge-Framework/Lobby

[OWASP Poland Day] Security knowledge framework