Security is a process, not something that can be achieved magically with a single solution. The document discusses several security principles for software such as managing security risks, being reluctant to trust, practicing defense in depth, staying up to date, and securing the weakest link. It emphasizes that security requires an ongoing process rather than assuming a single plugin or solution makes one fully protected. Resources on security processes and practices are provided for further learning.

1. SECURITY IS A PROCESS,
NOT A MAGIC
CAHYO DARUJATI | @idx-incubator
Surabaya, 12 Pebruari 2019

2. About Me
•AKADEMISI
Dosen Fakultas Ilmu
Komputer Universitas
Narotama.
•PRAKTISI
Corporate Consultant
PT. Piramida Teknologi
Informasi.

3. INTRODUCTION TO SECURITY
THE ENEMY

5. “I have just a small Apps*.
Who cares?”

7. INTRODUCTION TO SECURITY
THE IMPACT

9. INTRODUCTION TO SECURITY
OUR GOALS

11. “I have installed a magic*
for security. I’m good.”

13. SECURITY PRINCIPLES
1. MANAGE SECURITY RISK

17. http://www.vmwareminds.com

18. SECURITY PRINCIPLES
2. BE RELUCTANT TO TRUST

19. Mobile App Security Threats

22. SECURITY PRINCIPLES
3. PRACTICE DEFENCE IN DEPTH

24. Application Architecture

25. SECURITY PRINCIPLES
4. STAY UP TO DATE

29. IS
WEB APPS
SECURE?

31. SECURITY PRINCIPLES
5. SECURE THE WEAKEST LINK

35. RESOURCES
NEXT?

36. SECURITY & SOFTWARE
✓The Process of Security (Bruce Schneier)
✓The Basics of Web Application Security (Cade Cairns, Daniel
Somerfield)
✓Secure Coding Patterns (Andreas Hallberg)
✓Security is A Process, not a Plugin (Thomas Vitale)
✓OWASP Top 10 Most Critical Web Application Security Risks – 2017
✓Software Security: Building Security In, Gary McGraw
✓Building Secure Software: How to Avoid Security Problems the Right
Way, John Viega and Gary McGraw

37. SECURITY IS A PROCESS,
NOT A MAGIC
Cahyo Darujati | cahyo@ronar.net
This work is licensed under a Creative Commons Attribution 4.0 International License.
Images source: Pexels