AN EFFICIENT SECURE SOFTWARE DEVELOPMENT FRAMEWORK

CONTENT

THE TOOLSET: OSGI & THE EVERIT FRAMEWORK
    Cleaner the code - healthier the software
    Decreasing complexity - fail-proof operation
    Streamlined development - bulletproof application

THE METHODOLOGY
    Design
    Analysis, precautions
    Processes under control
    Shorter iteration, fewer bugfixes
    Authenticity and undeniability
    Awareness, vigilance
    Corresponding partnership
SECURE SOFTWARE DEVELOPMENT THE EVERIT WAY

Before we introduce our solution, let us clarify what we mean by secure software development.

In our view it means keeping certain security requirements in sight during the whole development project, which in turn presupposes that we actually have explicit security requirements.

We also have to consider these requirements when we choose our toolset, and later while we use those tools.

In short, it is all about the proper tool used in a suitable way.
THE TOOLSET: OSGI & THE EVERIT FRAMEWORK

In our case the chosen tool is the EverIT framework, built on the Java OSGi platform.

The Java language and the OSGi platform could each be the subject of a security analysis in their own right, but that is not our aim here.

We would rather focus on our own experience, collected during our security-sensitive projects. The OSGi platform cannot itself be called secure, but it provides many possibilities through which an OSGi-based product can be made secure.

Nor will we list the full set of advantages of the OSGi platform here; that can be found on the OSGi Alliance site.

The following parts of this document walk you through the essence of our experience.
CLEANER THE CODE, HEALTHIER THE SOFTWARE

In recent years we have had a few projects where the initial Java EE platform was changed to OSGi during the implementation phase, with very impressive results each time.

In these projects our lead developers found that the modular architecture, thanks to the conventions of OSGi, helped us produce cleaner code. During code reviews it was therefore much easier to notice the details (placed by accident or even on purpose) which could cause a vulnerability.

This can be complemented by a proper Checkstyle policy and a well-configured CI (continuous integration) system, although those mainly cut back the overload which typically affects our lead developers.

Altogether it is beneficial: with these tools better code coverage is available during reviews, and the review itself can be deeper and more effective. Not to mention that system administrators get a more easily maintainable application, so filtering out malware activity or a malicious code snippet can be more efficient.
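To make the review point above concrete, here is an added example, not code from the EverIT framework or from this brochure: a small Python check that reads OSGi bundle manifests and flags two things a reviewer would otherwise have to spot by eye. It relies on the standard OSGi headers Bundle-SymbolicName, Export-Package and Import-Package, and on a house policy that is an assumption of the example rather than anything stated here: packages named *.internal or *.impl are never exported, and imports must come from an allow-list. The two manifests are constructed samples.

```python
"""Review helper for OSGi bundle manifests (added example, not EverIT code).

Assumed policy: *.internal / *.impl packages are private and must not be
exported; Import-Package entries must start with an allow-listed prefix.
"""
import re

# Constructed samples: one well-behaved bundle, and one that leaks its
# implementation package and pulls in a package outside the allow-list.
SAMPLE_MANIFESTS = {
    "auth-good": """\
Manifest-Version: 1.0
Bundle-SymbolicName: com.example.auth
Export-Package: com.example.auth.api;version="1.0.0"
Import-Package: org.osgi.framework;version="[1.8,2)",
 com.example.crypto.api;version="[1.0,2)"
""",
    "auth-bad": """\
Manifest-Version: 1.0
Bundle-SymbolicName: com.example.auth
Export-Package: com.example.auth.api;version="1.0.0",
 com.example.auth.internal;version="1.0.0"
Import-Package: org.osgi.framework;version="[1.8,2)",
 sun.misc
""",
}

ALLOWED_IMPORT_PREFIXES = ("org.osgi.", "com.example.")  # assumed policy
PRIVATE_MARKERS = (".internal", ".impl")                  # assumed policy


def parse_manifest(text):
    """Return a dict header -> value. A line starting with a single space is a
    continuation of the previous header, as in the JAR manifest format."""
    headers = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" ") and current is not None:
            headers[current] += raw[1:]
            continue
        name, _, value = raw.partition(":")
        current = name.strip()
        headers[current] = value.strip()
    return headers


def split_packages(header_value):
    """Split a package header into bare package names, dropping attributes
    such as ;version="..." and ignoring commas inside quoted version ranges."""
    names = []
    for clause in re.split(r',(?=(?:[^"]*"[^"]*")*[^"]*$)', header_value):
        clause = clause.strip()
        if clause:
            names.append(clause.split(";", 1)[0].strip())
    return names


def review_manifest(text):
    """Return a list of findings; an empty list means the bundle passes."""
    headers = parse_manifest(text)
    bundle = headers.get("Bundle-SymbolicName", "<unknown>")
    findings = []
    for pkg in split_packages(headers.get("Export-Package", "")):
        if any(marker in pkg for marker in PRIVATE_MARKERS):
            findings.append(f"{bundle}: exports private package {pkg}")
    for pkg in split_packages(headers.get("Import-Package", "")):
        if not pkg.startswith(ALLOWED_IMPORT_PREFIXES):
            findings.append(f"{bundle}: imports non-allow-listed package {pkg}")
    return findings


def review_all(manifests):
    """Review every manifest in a {name: text} mapping."""
    return {name: review_manifest(text) for name, text in manifests.items()}


if __name__ == "__main__":
    for name, findings in review_all(SAMPLE_MANIFESTS).items():
        print(("PASS " if not findings else "FAIL ") + name)
        for finding in findings:
            print("    " + finding)
```

Run as a CI step over each bundle's META-INF/MANIFEST.MF, a non-empty findings list fails the build, so the boundary a reviewer cares about (what a bundle exposes and what it reaches for) is enforced mechanically rather than noticed by chance.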
DECREASING COMPLEXITY, FAIL-PROOF OPERATION

According to our benchmark results, using OSGi technology and our self-developed framework we could reach one, and in some cases even two, orders of magnitude better response time compared to a traditional Java EE application. The system's load-bearing capacity can therefore be higher, which is why such systems can be considered better protected against DoS and DDoS attacks.

Of course there is no system (not even one based on OSGi) which cannot be flooded, but with a modular OSGi application this threshold is higher, assuming the same amount of resources on the attacker's side.

On one hand, we force the attackers to make some extra effort, which makes the target (our software or system) less tempting. On the other hand, we gain some time for other defense mechanisms to start before the attackers reach their goal.

Similarly, on the failover side, a lightweight OSGi application with a quicker boot process gives the administrators some extra confidence compared to a monolithic, complex system. This factor can be mission critical for a service with high availability requirements and an SLA.

Furthermore, according to Amdahl's law the speedup obtainable by parallelizing a given problem's solution is bounded, so the benefits of OSGi do not disappear even when the available resources are relatively plentiful.

So in this case we can state that simplicity means security.
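As an added illustration of the Amdahl's law argument above (not part of the brochure), the formula and its limit show why extra processors cannot substitute for a lighter per-request path. The symbols are assumed here: p is the fraction of the work that can run in parallel and N the number of processors; the numbers are constructed.

```latex
% Amdahl's law: speedup S of a workload with parallel fraction p on N processors.
S(N) = \frac{1}{(1 - p) + \dfrac{p}{N}}

% The serial part (1 - p) caps the speedup no matter how large N grows:
\lim_{N \to \infty} S(N) = \frac{1}{1 - p}

% Constructed example, p = 0.9: the cap is 10x; with N = 8
S(8) = \frac{1}{0.1 + 0.9/8} = \frac{1}{0.2125} \approx 4.7
```

Because the serial part of each request is never shortened by adding hardware, a runtime that makes that part cheaper keeps its advantage at any N; this is the sense in which the benefits "do not disappear" as resources grow.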
STREAMLINED DEVELOPMENT, BULLETPROOF APPLICATION

Many years of continuous research and striving toward perfection have led us to a point where we are not willing to compromise in certain cases. One such case is the technologies we use to ease and support development.

Our experience shows that here less is often more. The more support or predefined comfort you get from a tool or technology, the higher the risk that you will find yourself in a tight dependency, and you can lose your competitive advantage very quickly if a critical bug emerges (and there is a good chance it will).

Probably every developer knows the helpless feeling when a bug turns up in third-party code outside their control, and the application gets into a vulnerable state (and stays there for a while) without anything they can do to find a solution.

The fewer dependencies on various technologies we have, the less exposed we are. This is what we believe in, and we try to use our self-developed framework in every possible case.
STREAMLINED DEVELOPMENT, BULLETPROOF APPLICATION

If we cannot avoid taking an external dependency into our technology stack, it has to be subjected to an inspection just as thorough as if it were our own development. In this area we apply the very same QA rules as for internal development.

As a result, many modules have been created under our framework which are functionally equivalent to other (well-known) competitors on the market; keeping things under control can be priceless in certain cases. That (and of course the possibility of customization) is why it is worth making our own implementation of these elements.

This is how we created our own OSGi-based authorization and authentication components (and many others) in order to leave the Spring Framework behind.

However, the framework does not give 100% coverage of all technologies, and not every technology was written with an OSGi approach in mind, so sometimes they cannot be used in an OSGi environment. Therefore, when we receive a request we cannot fulfill with our existing solutions, we have to count on some additional effort, in money and in time.

But in the end these efforts result in better quality, and later they can save the team some bugfixes and some sleepless nights.
THE METHODOLOGY

The tools described in the previous chapter are worth nothing if we do not use them in a suitable way, or if we make mistakes during system design.

That is why the methodology is so important from the security point of view, perhaps even more important than the tools themselves.

Realizing this, we have introduced procedures which help us produce higher-quality and more secure software. In some cases these extend to the whole organisation; otherwise they are built into the development process.

These procedures originate from the Common Criteria (CC) and the Agile/Scrum methodology, two sets of principles which we managed to merge into our own hybrid project management technique in order to create custom software solutions subject to particular security regulations.

The following chapters present a number of practical features of this technique.
DESIGN

The base of every development is a precise design, supported by a consistent technique, which also includes a suitable toolset.

At the design stage our choice was UML and Enterprise Architect, and we try to exploit the advantages of this versatile tool.

However, we pay meticulous attention not to immerse ourselves in the design to a depth which would obstruct the lean approach to product development and the agile organization of work.
ANALYSIS & PRECAUTIONS

When developing web-based applications, we bring the OWASP list into sharp focus in the testing phase. However, it is also necessary to examine the possible vulnerability factors and hypothetical attack forms already in the design phase.

This allows us to build in the requisite controls and develop an application which will not fail later on the penetration tests.
PROCESSES UNDER CONTROL

From the design cycle through the implementation, testing and release sub-processes, we treat traceability as a top priority. We believe we have found the perfect toolset to support this: Git for version control, and Jira for project and process management.

Another key component of secure services and secure software development is a proper staging process and the staging environment it requires.

Permission and access control management, set up already at the beginning of a project, is also part of the practice. With the help of our self-operated server infrastructure we managed to create near-perfect conditions for this purpose, without compromise.
SHORTER ITERATION, FEWER BUGFIXES

We noticed at EverIT (and also at partners where we work with the same methods) that Agile (e.g. Scrum) and Lean concepts help us bring down product development costs and let us reach the targeted market quicker.

Beside this very important (but, from a security point of view, not so relevant) aspect, we had another exciting realization: thanks to more frequent version upgrades, the smaller release packages contain fewer bugs overall.

And if a bug does turn up, its identification and correction can be more effective and faster. This is the trait which is extremely relevant in the field of security.
AUTHENTICITY & UNDENIABILITY

As the main technological partner of Netlock Ltd., the leading qualified Certificate Authority in Hungary, we are especially proud of our PKI-related development know-how.

In our custom development projects we provide different PKI solutions (the use of certificates, timestamps, etc.), which can grant authenticity and undeniability in accordance with customer needs.

We have great expertise in building such enhanced security controls into various functions.
AWARENESS, VIGILANCE

The most typical point of failure is the human factor, so the awareness, consciousness and preparedness of our colleagues is key.

To keep this factor always in focus, the guarantee is our ISO 27001 information security management system (ISMS), whose practical procedures include recurring security trainings, professional studies, and continuous self-inspection proceedings.
CORRESPONDING PARTNERSHIP

We work in close cooperation with a software security facility accredited by the OCSI under the Italian Common Criteria (CC) Scheme. The laboratory's main profile is security support for software development and software evaluations up to EAL4+ level.

During this partnership we have managed to clarify a number of considerations and directives based on the CC.

We strive to start all of our projects fit for the EAL4+ definition, and to bring "methodically designed, tested, and reviewed" software into existence.
CONTACT US FOR A CONSULTATION:
WEB: dosell.io
EMAIL: tibor.zahorecz@dosell.io
MOBILE: +36 30 836 4099
LET US HELP YOU
WITH SECURE SOFTWARE DEVELOPMENT!

 
Pitch Deck - LabShare 2017
Pitch Deck - LabShare 2017Pitch Deck - LabShare 2017
Pitch Deck - LabShare 2017
 
Accelerate your company
Accelerate your companyAccelerate your company
Accelerate your company
 
Build venture - engineering services
Build venture - engineering servicesBuild venture - engineering services
Build venture - engineering services
 
Production ergonomics
Production ergonomicsProduction ergonomics
Production ergonomics
 
DAG Ideas full-stack webservices joined to DoSell Platform
DAG Ideas full-stack webservices joined to DoSell PlatformDAG Ideas full-stack webservices joined to DoSell Platform
DAG Ideas full-stack webservices joined to DoSell Platform
 
Machinery design & engineering
Machinery design & engineeringMachinery design & engineering
Machinery design & engineering
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
B2B reference guide for company makers part III. - Soft launch and Growth
B2B reference guide for company makers part III. - Soft launch and GrowthB2B reference guide for company makers part III. - Soft launch and Growth
B2B reference guide for company makers part III. - Soft launch and Growth
 
B2B venture reference guide - part II.
B2B venture reference guide - part II.B2B venture reference guide - part II.
B2B venture reference guide - part II.
 
B2B reference guide for company makers
B2B reference guide for company makersB2B reference guide for company makers
B2B reference guide for company makers
 
DoSell pitch deck
DoSell pitch deckDoSell pitch deck
DoSell pitch deck
 
DoSell vision, services overview
DoSell vision, services overviewDoSell vision, services overview
DoSell vision, services overview
 
How we build a start-up from zero with the help of online content.
How we build a start-up from zero with the help of online content.How we build a start-up from zero with the help of online content.
How we build a start-up from zero with the help of online content.
 
The true story of building up our venture
The true story of building up our ventureThe true story of building up our venture
The true story of building up our venture
 
Industrial Design www.dosell.io
Industrial Design www.dosell.ioIndustrial Design www.dosell.io
Industrial Design www.dosell.io
 
Common Criteria Lab Hungary
Common Criteria Lab HungaryCommon Criteria Lab Hungary
Common Criteria Lab Hungary
 
Bring your Ideas to Life
Bring your Ideas to LifeBring your Ideas to Life
Bring your Ideas to Life
 
DoSell Virtual Verification
DoSell Virtual VerificationDoSell Virtual Verification
DoSell Virtual Verification
 
Cathay general intro
Cathay general introCathay general intro
Cathay general intro
 

Recently uploaded

Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 

Recently uploaded (20)

Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 

Efficient Secure Framework

  • 5. CLEANER THE CODE - HEALTHIER THE SOFTWARE
In recent years we have had a few projects where the initial Java EE platform was changed to OSGi during the implementation phase, and we had very impressive results each time. In these projects our lead developers found that the modular architecture, thanks to the conventions of OSGi, helped us produce cleaner code, so during code reviews it was much easier to notice the details (placed by accident or even on purpose) which could cause a vulnerability. This can be complemented by a proper Checkstyle policy and a well-configured CI (continuous integration) system, although that has more to do with cutting back the overload which typically affects our lead developers. Altogether it is beneficial, because with these tools better code coverage is achievable during reviews, and the review itself can be deeper and more effective. Not to mention that the system administrators get a more easily maintainable application, so filtering out malware activity or a noxious code snippet can be more efficient.
  • 6. DECREASING COMPLEXITY - FAIL-PROOF OPERATION
According to our benchmark results, using the OSGi technology and our self-developed framework we could reach one, and in some cases even two, orders of magnitude better response time compared to a traditional Java EE application. So the system's load-bearing capacity can be higher, and that is how it can be considered better protected against DoS and DDoS attacks. Of course there is no system (not even one based on OSGi) which cannot be flooded, but with a modular OSGi application this threshold is higher, assuming the same amount of resources on the attacker's side. On one hand, we force the attackers to make some extra effort, which makes the target (our software or system) less tempting. On the other hand, we gain some time for other defence mechanisms to start before the attackers reach their goal. Similarly, on the failover side, a lightweight OSGi application with a quicker boot process brings some extra confidence for the administrators compared to a monolithic, complex system. This factor can be mission critical for a service with a high-availability SLA. Furthermore, according to Amdahl's law, speeding up the solution of a given problem by parallelisation is only possible up to a certain point, so the benefits of OSGi will not disappear even if the availability of resources is relatively high. So in this case we can state that simplicity means security.
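The reference to Amdahl's law above can be made concrete. The note below is added by the editor and is not part of the original slides; the symbols $T_s$, $T_p$, $N$ and the millisecond figures are illustrative assumptions, not EverIT benchmark data. If a request costs $T_s$ of work that must run serially and $T_p$ that can be spread over $N$ cores, its response time and speedup are

$$T(N) = T_s + \frac{T_p}{N}, \qquad S(N) = \frac{T(1)}{T(N)} = \frac{1}{(1-p) + p/N}, \qquad p = \frac{T_p}{T_s + T_p},$$

and as $N \to \infty$, $T(N) \to T_s$ while $S(N) \to 1/(1-p)$. The serial part of each request is a floor that no amount of hardware removes; only doing less work per request lowers it. With $T_s = 20$ ms and $T_p = 80$ ms, eight cores give $T(8) = 30$ ms and the floor is 20 ms; if a lighter stack cuts the serial part to $T_s = 2$ ms, eight cores give $T(8) = 12$ ms and the floor is 2 ms. Since the request rate one worker can absorb is roughly $1/T(N)$, the same reduction raises the flood level an attacker has to reach with the same resources, which is the sense in which "simplicity means security" holds here.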
  • 7. STREAMLINED DEVELOPMENT - BULLETPROOF APPLICATION
Many years of continuous research and striving toward perfection have brought us to the point where we are not willing to compromise in certain cases. One such case is the technologies we use to ease and support development. Our experience shows that here less is often more. The more support or predefined comfort service you get from a tool or technology, the higher the risk that you will find yourself in a tight dependency, and you can lose your competitive advantage very quickly if a critical bug emerges (and with good chance it will). Probably every developer knows the helpless feeling when a bug turns up in third-party code outside their authority, and the application gets into a vulnerable state (and stays there for a while) without anything they can do to find a solution. The fewer dependencies on various technologies we have, the less exposed we are. This is what we believe in, and we try to use our self-developed framework in every possible case.
  • 8. STREAMLINED DEVELOPMENT - BULLETPROOF APPLICATION
If we cannot avoid taking an external dependency into our technology stack, it has to be the subject of an inspection just as thorough as if it were our own development. In this area we require the very same QA rules as for internal development. As a result, many modules have been created under our framework which are functionally equivalent to other (well-known) competitors on the market; keeping things under control can be priceless in certain cases. That (and of course the possibility of customisation) is why it is worth making our own implementation of these elements. This is how we created our own OSGi-based authorisation and authentication (and many other) components in order to leave the Spring Framework. However, the framework does not give 100% coverage of all technologies, and not every technology was written with an OSGi approach, so sometimes they cannot be used in an OSGi environment. Therefore, when we receive a request we cannot fulfil with our existing solutions, we have to count on some additional effort, both financially and in time. But in the end these efforts result in better quality, and later they can save some bugfixes and some sleepless nights for the team.
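The inspection rule above only holds if the bytes that reach the build are the bytes that were reviewed. The Go program below is an example added by the editor, not EverIT's tooling: it records the SHA-256 digest of each third-party artifact at review time and, at build time, rejects anything that was never reviewed or whose contents no longer match. The artifact names and contents are constructed for the example; in a real build the pin set would be a committed lock file and the artifacts would be the downloaded jars.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// PinSet maps an artifact file name to the hex SHA-256 recorded when that exact
// artifact passed review. In a real build this map would live in a committed
// lock file; here it is built in memory from constructed sample bytes.
type PinSet map[string]string

// digest returns the lowercase hex SHA-256 of content.
func digest(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// Pin records the digest of an artifact at review time. Only reviewed bytes
// should ever be pinned; pinning whatever the build happens to download
// would defeat the purpose.
func (p PinSet) Pin(name string, content []byte) {
	p[name] = digest(content)
}

// Check classifies an artifact presented at build time:
//   "ok"       the bytes are exactly the ones that were reviewed
//   "unpinned" the artifact was never reviewed (e.g. a new transitive dependency)
//   "mismatch" the bytes differ from the reviewed ones (new version, or tampering)
func (p PinSet) Check(name string, content []byte) string {
	want, pinned := p[name]
	switch {
	case !pinned:
		return "unpinned"
	case digest(content) != want:
		return "mismatch"
	default:
		return "ok"
	}
}

// VerifyBuild checks every artifact the build wants to use and returns
// "name: reason" for each one that must not enter the stack, sorted so the
// result is stable. An empty result means the build may proceed.
func (p PinSet) VerifyBuild(artifacts map[string][]byte) []string {
	rejected := []string{}
	for name, content := range artifacts {
		if verdict := p.Check(name, content); verdict != "ok" {
			rejected = append(rejected, name+": "+verdict)
		}
	}
	sort.Strings(rejected)
	return rejected
}

func main() {
	// Review time: the two artifacts below were inspected under the same QA
	// rules as internal code, so their digests are recorded. Names and bytes
	// are constructed for the example.
	pins := PinSet{}
	pins.Pin("acme-auth-1.2.0.jar", []byte("reviewed bytes of acme-auth 1.2.0"))
	pins.Pin("acme-util-0.4.1.jar", []byte("reviewed bytes of acme-util 0.4.1"))

	// Build time: one artifact is unchanged, one was replaced by different
	// bytes under the same name, one was never reviewed at all.
	build := map[string][]byte{
		"acme-auth-1.2.0.jar": []byte("reviewed bytes of acme-auth 1.2.0"),
		"acme-util-0.4.1.jar": []byte("reviewed bytes of acme-util 0.4.1 with an unreviewed patch"),
		"acme-json-2.0.0.jar": []byte("pulled in transitively, never inspected"),
	}
	rejected := pins.VerifyBuild(build)
	for _, r := range rejected {
		fmt.Println("REJECT", r)
	}
	if len(rejected) == 0 {
		fmt.Println("all artifacts match their reviewed digests")
	}
}
```

Run it with `go run`; the sample build is rejected twice (a mismatch and an unpinned artifact). Keying the pin on the file name is deliberate: a version bump shows up as a mismatch and has to go through review again instead of slipping in as a "new" artifact.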
  • 9. THE METHODOLOGY
The tools described in the previous chapter are worth nothing if we do not use them in a suitable way, or if we make mistakes during system design. That is why the methodology is so important from the security point of view, maybe even more important than the tools themselves. Realising this, we have introduced some procedures which help us produce higher quality and more secure software. In some cases these are extended to the whole organisation, otherwise they are built into the development process. The origin of these procedures is the Common Criteria (CC) and the Agile/Scrum methodology, two principles which we managed to merge into our own hybrid project management technique in order to create custom software solutions under particular security regulations. The following chapters present a number of practical features of this technique.
  • 10. DESIGN
The base of every development is a precise design, supported by a consistent technique, which also includes a suitable toolset. At the design stage our choice was UML and Enterprise Architect, and we try to exploit the advantages of this versatile tool. However, we pay meticulous attention not to immerse ourselves in the design to a depth which would obstruct the lean approach to product development and the agile organisation of work.
  • 11. ANALYSIS & PRECAUTIONS
When developing web-based applications, we bring the OWASP list into sharp focus in the testing phase. However, it is also necessary to examine the possible vulnerability factors and hypothetical attack forms already in the design phase. This allows us to build in the requisite controls and develop an application which will not fail later in penetration tests.
  • 12. PROCESSES UNDER CONTROL
From the design cycle through the implementation, testing and release sub-processes, we handle the matter of traceability with top priority. We believe we have found the perfect toolset to support this: Git for version control and Jira for project and process management. Another key component of secure services and secure software development is a convenient staging process and the necessary staging environment. Permission and access control management, installed already at the beginning of a project, is also part of the practice. We managed to create, without compromise, nearly perfect conditions for this purpose with the help of our self-operated server infrastructure.
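One concrete form of the Git and Jira traceability mentioned above is a gate that refuses commits which cannot be tied to a ticket. The Go program below is an example added by the editor, not EverIT's or Atlassian's code: it parses `git log` output in a tab-separated format and lists the commits whose subject carries no Jira-style issue key, which is what a pre-receive hook or CI job would reject. The issue-key pattern, hashes, addresses and subjects are assumptions constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Commit is one line of `git log --format=%h%x09%ae%x09%s` (abbreviated hash,
// author e-mail and subject separated by tabs), a form a hook or CI job can
// read without a git library.
type Commit struct {
	Hash    string
	Author  string
	Subject string
}

// issueKey matches a Jira-style key such as SEC-142. The shape is the usual
// "PROJECT-number"; the project key itself is not restricted here, so add an
// explicit list of your own project keys if a bare pattern is too loose.
var issueKey = regexp.MustCompile(`\b[A-Z][A-Z0-9]+-[0-9]+\b`)

// ParseLog turns the tab-separated log text into commits. Malformed lines are
// skipped rather than guessed at, so a parse problem never passes as traceable.
func ParseLog(text string) []Commit {
	var commits []Commit
	for _, line := range strings.Split(text, "\n") {
		fields := strings.SplitN(strings.TrimRight(line, "\r"), "\t", 3)
		if len(fields) != 3 {
			continue
		}
		commits = append(commits, Commit{Hash: fields[0], Author: fields[1], Subject: fields[2]})
	}
	return commits
}

// IssueKeys returns every issue key referenced in a subject, in order.
func IssueKeys(subject string) []string {
	return issueKey.FindAllString(subject, -1)
}

// Untraceable returns the commits whose subject references no issue key, i.e.
// changes that cannot be tied back to a tracked task. A hook that rejects the
// push when this list is non-empty keeps the history traceable end to end.
func Untraceable(commits []Commit) []Commit {
	var out []Commit
	for _, c := range commits {
		if len(IssueKeys(c.Subject)) == 0 {
			out = append(out, c)
		}
	}
	return out
}

func main() {
	// Constructed log; hashes, addresses and subjects are made up.
	logText := "a1b2c3d\tdev1@example.com\tSEC-142 rate limit the login servlet\n" +
		"d4e5f6a\tdev2@example.com\tfix typo\n" +
		"0f1e2d3\tdev1@example.com\thotfix before the demo\n" +
		"9c8b7a6\tdev3@example.com\tMerge branch 'SEC-150-session-timeout'\n"
	for _, c := range Untraceable(ParseLog(logText)) {
		fmt.Printf("%s by %s has no issue key: %q\n", c.Hash, c.Author, c.Subject)
	}
}
```

In the sample, `fix typo` and `hotfix before the demo` are reported; the merge commit passes because its branch name carries the key. Run the check on the range being pushed (`git log --format=%h%x09%ae%x09%s old..new`) rather than on the whole history, so a gate that is introduced late does not block unrelated old commits.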
  • 13. SHORTER ITERATION - FEWER BUGFIXES
We noticed at EverIT (and also at some partners where we work with the same methods) that Agile (e.g. Scrum) and Lean concepts help us bring down product development costs and allow us to reach the targeted market quicker. Besides this very important (but from a security point of view not so relevant) aspect, we had another exciting realisation: thanks to the more frequent version upgrades, the smaller release packages contain fewer bugs overall. And if a bug does turn up, its identification and correction can be more effective and faster. This is the trait which is extremely relevant in the field of security.
  • 14. AUTHENTICITY & UNDENIABILITY
Being the main technological partner of Netlock Ltd., the leading qualified Certificate Authority in Hungary, we are especially proud of our PKI-related development know-how. In our custom development projects we provide different PKI solutions (the use of certificates, timestamps, etc.), which can grant authenticity and undeniability (non-repudiation) in accordance with customer needs. We have great expertise in building such enhanced security controls into various functions.
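To make "authenticity and undeniability" concrete, the Go program below is an example added by the editor, not Netlock's or EverIT's PKI code. It signs a document together with its signing time using ECDSA over P-256 and shows that the result verifies only for the untouched document, the original timestamp and the signer's own key: nobody without the private key can produce such a record, and the signer cannot later disown it. Two simplifications are assumptions of the example: the key pair is generated on the spot instead of being bound to the signer by a CA-issued certificate, and the timestamp is asserted by the signer instead of coming from a trusted timestamping authority, which are the certificate and timestamp services the slide refers to.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// SignedRecord binds a document, the claimed signing time and the signature
// over both. The time here is asserted by the signer; a production system
// would use a token from a trusted timestamping authority so that the time
// itself is vouched for by a third party.
type SignedRecord struct {
	Document  []byte
	SignedAt  int64  // Unix seconds
	Signature []byte // ASN.1 DER encoded ECDSA signature
}

// NewSignerKey generates a P-256 key pair for the example. In practice the
// signer's public key would be bound to their identity by a CA certificate.
func NewSignerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// toBeSigned hashes the document together with the timestamp so that neither
// can be altered after signing without invalidating the signature. The
// timestamp is a fixed 8-byte suffix, so the encoding is unambiguous.
func toBeSigned(doc []byte, signedAt int64) []byte {
	h := sha256.New()
	h.Write(doc)
	var ts [8]byte
	binary.BigEndian.PutUint64(ts[:], uint64(signedAt))
	h.Write(ts[:])
	return h.Sum(nil)
}

// Sign produces a record that only the holder of priv could have produced.
func Sign(priv *ecdsa.PrivateKey, doc []byte, signedAt int64) (SignedRecord, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, toBeSigned(doc, signedAt))
	if err != nil {
		return SignedRecord{}, err
	}
	return SignedRecord{Document: doc, SignedAt: signedAt, Signature: sig}, nil
}

// Verify checks the record against the signer's public key. It fails if the
// document, the timestamp or the signature were changed, or if the record
// was signed with a different key.
func Verify(pub *ecdsa.PublicKey, r SignedRecord) bool {
	return ecdsa.VerifyASN1(pub, toBeSigned(r.Document, r.SignedAt), r.Signature)
}

func main() {
	priv, err := NewSignerKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample document.
	doc := []byte("constructed order form: 120 units, approved")
	rec, err := Sign(priv, doc, time.Now().Unix())
	if err != nil {
		panic(err)
	}
	fmt.Println("original verifies:", Verify(&priv.PublicKey, rec))

	amended := rec
	amended.Document = []byte("constructed order form: 1200 units, approved")
	fmt.Println("amended document verifies:", Verify(&priv.PublicKey, amended))

	backdated := rec
	backdated.SignedAt -= 86400
	fmt.Println("backdated record verifies:", Verify(&priv.PublicKey, backdated))
}
```

The program prints `true`, `false`, `false`. The point of hashing the timestamp into the signed input is that the time becomes part of what the signer committed to; with a self-asserted time this still proves integrity of the pair, while a TSA token additionally proves the signature existed no later than that time, which matters when a key is revoked afterwards.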
  • 15. AWARENESS - VIGILANCE
The most typical point of failure is the human factor, so the awareness, consciousness and preparedness of our colleagues is key. To keep this factor always in focus, the guarantee is our ISO 27001 information security management system (ISMS), whose practical procedures include recurring security trainings, professional studies and continuous self-inspection proceedings.
  • 16. CORRESPONDING PARTNERSHIP
We work in close cooperation with a software security facility accredited by OCSI under the Italian Common Criteria (CC) scheme. The laboratory's main profile is security support for software development and software evaluations up to EAL4+ level. During this partnership we have managed to clarify a number of considerations and directives based on the CC. We strive to start all of our projects to be fit for the EAL4+ definition, and to bring "methodically designed, tested, and reviewed" software into existence.
  • 17. CONTACT US FOR A CONSULTATION
WEB: dosell.io
EMAIL: tibor.zahorecz@dosell.io
MOBILE: +36 30 836 4099
LET US HELP YOU WITH SECURE SOFTWARE DEVELOPMENT!