Software Security Engineering
•Download as PPT, PDF•
13 likes•3,446 views
The document discusses approaches to building secure web applications, including establishing software security processes and maturity levels. It covers security activities like threat modeling, defining security requirements, secure coding standards, security testing, and metrics. Business cases for software security focus on reducing costs of vulnerabilities, threats to web apps, and root causes being application vulnerabilities and design flaws.
![Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Software Security Engineering
Similar to Software Security Engineering (20)
More from Marco Morana
More from Marco Morana (20)
Recently uploaded
Recently uploaded (20)
Software Security Engineering
- 1. Software Security Engineering and Risk Management Processes to Build Secure Web Applications Marco Morana OWASP Chapter Lead Rochester Security Summit 29-30 October 2008 Cincinnati Chapter Meetings
- 3. Software Security Awareness Business Cases
- 4. Initial Business Cases For Software Security Avoid Mis-Information: Fear Uncertainty Doubt (FUD) Use Business Cases: Costs, Threat Reports, Root Causes
- 8. Approaches To Application Security
- 9. The “Know But Ignore” Approach: Do Not Act
- 10. The Reactive Approach: Act After The Fact 5 Go Fix Security Bugs! ? ?
- 11. Tactical View: Finding Vulnerabilities Automated Vulnerability Scanning Automated Static Code Analysis Manual Penetration Testing Manual Code Review
- 12. Strategic View: Manage Software Risks
- 13. Holistic View: Software vs. Application Security Security applied by catch and patches Security built into each phase of the SDLC Look at root problem causes Look at external symptoms Reactive, Incident Response, Compliance Proactive, Threat Modeling, Secure Code Reviews
- 16. Software Security Initiative : Maturity Levels
- 18. Security-enhanced lifecycle process (S-SDLC) models: MS-SDL, Cigital TP and CLASP
- 19. Building Security In the Waterfall SDLC Threat Modeling Secure Requirements Secure Code Reviews Security Testing
- 20. Build Security in Agile SDLC Periodic Security Sprints Threat Model Stakeholder Security Stories Application Security Assurance Review Periodic Security Sprints {
- 21. Security Requirements and Abuse Cases
- 24. Security Requirements Derivation Through Use and Misuse Cases Source: OWASP Testing Guide Vs 3 Introduction
- 25. Threat Modeling
- 27. System Modeling: Data Flow Diagrams Source: Threat Modeling Dr James Walden
- 28. Threats and Countermeasures Identification Source: OWASP TM
- 29. Threat Modeling in the SDLC
- 32. Secure Coding Standards and Secure Code Reviews
- 37. Security Tests
- 41. Secure Configuration And Deployment
- 46. Examples of Security Metrics: Trailing MS Bulletins
- 48. Business Case