Building better product security

Preview:

Click to see full reader

Citation preview

Building better product securityan engineering approach

Who we are

Client was hacked

Security Assessment of completed product…

…is not good enough sometimes either

Secure Development Lifecycle

Engineer becomes a part of team

How security process looks in reality

Than start process of re-Coding, re-Building, re-Testing, re-Auditing

3rd party or internal audit

Tone of security defects

BACK to re-Coding, re-Building, re-Testing, re-Auditing

Generic Approach for Security

Design Build Test Production

security requirements / risk and threat analysis

coding guidelines /code reviews/ static

analysis

security testing / dynamic analysis

vulnerability scanning / WAF

Reactive ApproachProactive Approach

Secure SDLC

Defining security requirements for a project

Developing coding guidelines and static code analysis

Security testing

Vulnerabilty testing

Common SDLC fails

CODE

It is not a vulnerability, it is a feature

Installling application after SDLC on vulnerable environment

SDLC makes everyone happy

Such approach eventually may save one’s business

Questions?

Thanks!

http://owasp-lviv.blogspot.com

Recommended

Building Better
Economy & Finance
Better Overview. Increased Security. - mobotix-id.com · Better Overview. Increased Security. ... Automatic recording of all visitors in front of the building ... with doorbell and
Documents
Assistive Technology: Building Bridges for Better Transitions€¦ · Building Bridges for Better Transitions ... Dragon Dictation ... Assistive Technology: Building Bridges for Better
Documents
[Russia] Building better product security
Internet
Building a Better Security Posture
Internet
Building Better Security Partners: Research Projectsites.duke.edu/tcths_fellows/files/2015/09/Stewart-Final-CRP.pdf · Building Better Security Partners: What have we learned from
Documents
Building Better Models
Technology
Building better tools
Technology
Building Better Childhoods
Documents
Building Better Lives
Documents
Better security for better business
Documents
Building Better Software by Building Better Developers
Technology
Building Better Democracies - EODS. Building Better DemocraciesWhy political... · Building Better Democracies • Why political parties matter *Thomas Carothers, Director, Democracy
Documents
Building back better
Documents
BUILDING BETTER HEATLH
Health & Medicine
Security systems - BRE Group – Building a better world
Documents
Dell Security: Better Security for Better Business
Business
Building Better, Building Beautiful Commission
Documents
Building Better Lives for Children Newsletter June 2017(1).pdf · Building Better Lives for Children ... Food Security Activity (DFSA) ... people improve their livelihood and nutrition
Documents
Better Security, Better World · 2020-06-05 · 유니뷰VCA기능사용매뉴얼 Better Security, Better World ※본매뉴얼은실제제품화면과일부상이할수있습니다
Documents