• Home

  • Documents

  • Security Development Life Cycle Baking Security into Development September 2010
10
Security Development Life Cycle Baking Security into Development September 2010

Security Development Life Cycle Baking Security into Development September 2010

Tags:

Embed Size (px)

Citation preview

Page 1: Security Development Life Cycle Baking Security into Development September 2010

Security Development Life Cycle

Baking Security into Development

September 2010

Page 2: Security Development Life Cycle Baking Security into Development September 2010

The Security Development Life Cycle

2

Source: Microsoft Security Development Lifecycle, 2010

Page 3: Security Development Life Cycle Baking Security into Development September 2010

Components

• Training: Understand fundamentals of secure development and coding– Secure design– Threat modeling– Secure coding and testing– Privacy, risk and best practices

3

Page 4: Security Development Life Cycle Baking Security into Development September 2010

Components

• Requirements: Define functional AND security requirements– Assess SDL applicability in respect to security

and privacy implications– Assign SDL responsibilities– Identity SDL tools – Create security/privacy plan

4

Page 5: Security Development Life Cycle Baking Security into Development September 2010

Components

• Design: establish best security practices for project– Does the application design/functionality present

vulnerabilities to common threats?– Focus on keeping functionality but reduce attack

surface– Predefined prohibitions, e.g., firewall changes, weak

cryptography http://www.microsoft.com/security/sdl/getstarted/threatmodeling.aspx

5

http://www.microsoft.com/security/sdl/getstarted/threatmodeling.aspx
http://www.microsoft.com/security/sdl/getstarted/threatmodeling.aspx
Page 6: Security Development Life Cycle Baking Security into Development September 2010

Components

• Implementation: Detect and remove security and privacy issues early in development– Static code analyzers– Identification of Banned APIs that are difficult to use

correctly (e.g., strcpy C routine)– Use secure code libraries– Use operating system “defense in depth”

protections, such as address space layout randomization and corrupted heap termination

6

Page 7: Security Development Life Cycle Baking Security into Development September 2010

Components

• Verification: Conduct attack surface analysis and threat modeling– Dynamic analysis tools such as AppScan– Use of fuzzers, e.g., OWASP jBROFuzz, to identify

program failure or recovery with random or unexpected results

7

Page 8: Security Development Life Cycle Baking Security into Development September 2010

Components

• Release: Preparing for use of the software– Is there a final security review that tracks the

above steps?– Is an exception needed – who approves?– Is there a pre-defined security incident response

plan for rollout?– Archive all security documentation

8

Page 9: Security Development Life Cycle Baking Security into Development September 2010

Components

• Response: Ensure development team is available to response to possible security vulnerabilities or privacy issues– Execute security plan, if required

9

Page 10: Security Development Life Cycle Baking Security into Development September 2010

Questions

• Is the Security Development Lifecycle relevant to development at UC Davis?

• What if the SDL was integrated into IET development?

10


EC112 BAKING Baking 22 - NDSU · EC112 BAKING Baking 22 ... The New Mexico 4-H Curriculum Review Committee revised this project in 2001. ... The 4-H Baking II project is designed

EC112 BAKING Baking 22 - NDSU · EC112 BAKING Baking 22 ... The New Mexico 4-H Curriculum Review Committee revised this project in 2001. ... The 4-H Baking II project is designed

Documents
Assorted Baking CupsAssorted Baking Cups - Pastry Pro Cup [NP-2016-09-09].pdf · Assorted Baking CupsAssorted Baking Cups PET Laminated Baking Cup Paper Baking Cup Food grade and

Assorted Baking CupsAssorted Baking Cups - Pastry Pro Cup [NP-2016-09-09].pdf · Assorted Baking CupsAssorted Baking Cups PET Laminated Baking Cup Paper Baking Cup Food grade and

Documents
7 Software Development Security

7 Software Development Security

Documents
MltiMulti-Mdi BkiMedia Baking Technology BkiMedia Baking Technology Mihaelos N. Mihalos Mondelēz International LLCz International LLC North America Region Biscuit Research, Development

MltiMulti-Mdi BkiMedia Baking Technology BkiMedia Baking Technology Mihaelos N. Mihalos Mondelēz International LLCz International LLC North America Region Biscuit Research, Development

Documents
in Security, Conflict and International Development · MSc Security, Conflict and International Development The MSc in Security, Conflict and International Development (SCID) offered

in Security, Conflict and International Development · MSc Security, Conflict and International Development The MSc in Security, Conflict and International Development (SCID) offered

Documents
Security Tools For Software Development Ivan Medvedev Security Development Lead Microsoft Corporation

Security Tools For Software Development Ivan Medvedev Security Development Lead Microsoft Corporation

Documents
Development of security architecture

Development of security architecture

Documents
Baking Techniques - Edrawsoft · 2018-04-24 · maag salsa the most professional baking method baking attentively,delicious harvest baking techniques

Baking Techniques - Edrawsoft · 2018-04-24 · maag salsa the most professional baking method baking attentively,delicious harvest baking techniques

Documents
Assorted Baking CupsAssorted Baking Cups

Assorted Baking CupsAssorted Baking Cups

Documents
Smits security driven development

Smits security driven development

Government & Nonprofit
Baking Basics - Hasbro...Baking Basics 1. Place the baking pan in the baking slot as shown. 2. Use pan pusher to push pan into baking chamber. Stop when the baking line on the handle

Baking Basics - Hasbro...Baking Basics 1. Place the baking pan in the baking slot as shown. 2. Use pan pusher to push pan into baking chamber. Stop when the baking line on the handle

Documents
Baking - sweethaven02.comBread§Culturalsignificance Baking,especiallyofbread,holdsspecialsignificance BirdbakedfrombreadontheMarchequinoxtocelebratespring andthefortymartyrs

Baking - sweethaven02.comBread§Culturalsignificance Baking,especiallyofbread,holdsspecialsignificance BirdbakedfrombreadontheMarchequinoxtocelebratespring andthefortymartyrs

Documents
Social Development & Security

Social Development & Security

Documents
Security Development Life Cycle

Security Development Life Cycle

Technology
EC113 BAKING Baking 33 - MSU Extension BAKING Baking 33 ... The Goodness of Bread ... bread baking develops your creativity. These are some of the things you will learn in

EC113 BAKING Baking 33 - MSU Extension BAKING Baking 33 ... The Goodness of Bread ... bread baking develops your creativity. These are some of the things you will learn in

Documents
Baking Cookies Recipe Mixing Baking Final Product

Baking Cookies Recipe Mixing Baking Final Product

Documents
Baking Time and Watt-Hour Consumption in Baking Potatoes

Baking Time and Watt-Hour Consumption in Baking Potatoes

Documents
Agrifoods Development Fund Guidelines - FINAL …...Other canned foods . . 1 year DRY FOODS (once opened, store in ailtight containers, away from light and heat) Baking powder, baking

Agrifoods Development Fund Guidelines - FINAL …...Other canned foods . . 1 year DRY FOODS (once opened, store in ailtight containers, away from light and heat) Baking powder, baking

Documents
How to Bake Baking Powder and Baking Soda

How to Bake Baking Powder and Baking Soda

Documents
Design and Development of Baking Course Booking Systemwith

Design and Development of Baking Course Booking Systemwith

Documents
EC113 BAKING Baking 33 - NDSU · EC113 BAKING Baking 33 ... The New Mexico 4-H Curriculum Review Committee revised this project in 2001. ... It is very different from Baking 1 and

EC113 BAKING Baking 33 - NDSU · EC113 BAKING Baking 33 ... The New Mexico 4-H Curriculum Review Committee revised this project in 2001. ... It is very different from Baking 1 and

Documents
Apakah Baking Powder Dan Baking Soda Itu Sama

Apakah Baking Powder Dan Baking Soda Itu Sama

Documents
National Cyber Security Research and Development · PDF fileNational Cyber Security Research and Development Challenges ... to direct and coordinate cyber security research and development

National Cyber Security Research and Development · PDF fileNational Cyber Security Research and Development Challenges ... to direct and coordinate cyber security research and development

Documents
Android Security Development - Part 1: App Development

Android Security Development - Part 1: App Development

Software
Security Development Lifecycle for Agile Development

Security Development Lifecycle for Agile Development

Documents
Baking and Baking Science

Baking and Baking Science

Documents
Web Design & Development: Security

Web Design & Development: Security

Documents
Development of a benchtop baking method for … of a benchtop baking method for chemically leavened crackers Meera Kweon, Louise Slade*, Harry Levine*, and Edward Souza USDA, ARS,

Development of a benchtop baking method for … of a benchtop baking method for chemically leavened crackers Meera Kweon, Louise Slade*, Harry Levine*, and Edward Souza USDA, ARS,

Documents
Baking Paper and Baking Cups

Baking Paper and Baking Cups

Documents
PASTRY Baking trays, baking supports and working mats · PASTRY Baking trays, baking supports and working mats These aluminium non-stick baking trays are designed for oven-cooking

PASTRY Baking trays, baking supports and working mats · PASTRY Baking trays, baking supports and working mats These aluminium non-stick baking trays are designed for oven-cooking

Documents