Embed Size (px)
Citation preview
1
Glenn ten Cate
Twitter:@FooBar_testing_
Riccardo ten Cate
Twitter:@RiieCco
2
Agenda
• Why?• Software (AND Security) development life cycle
3
Developer, you are the one
3
Agenda
• Why?• Software (AND Security) development life cycle
4
Coding mistakes, déjà vu.
4
Agenda
• Why?• Software (AND Security) development life cycle
5
Barely hanging on …
5
Agenda
• Why?• Software (AND Security) development life cycle
6
But there is always an option!
6
Agenda
• Why?• Software (AND Security) development life cycle
7
There are ways to learn!
7
• Worldwide not-for-profit charitable. • Our mission is to make software security visible, so that
individuals and organizations worldwide can make informed decisions about true software security risks.
8
Agenda
• Why?• Software (AND Security) development life cycle
9
Be responsible for your code.
9
Verify your code• ASVS lvl1 Opportunistic
It adequately defends against application security vulnerabilities that are easy to discover.
• ASVS lvl2 StandardIt adequately defends against prevalent application security vulnerabilities whose existence poses moderate-to-serious risk.
• ASVS lvl3 AdvancedIt adequately defends against all advanced application security vulnerabilities, and also demonstrates principles of good security design.
10
What is S.K.F• Guide to secure programming
By adapting your design to security, not securing your design
• Security awarenessIt informs you about threats even before you wrote a single line of code.
• Clear and transparentProvides information applicable for your specific needs on the spot.
11
Agenda
• Why?• Software (AND Security) development life cycle
12
And now the blind dev can see.
12
Demo
13
Agenda
• Why?• Software (AND Security) development life cycle
14
You know this, you are ready.
14
SDLC MANUAL• OWASP-SKF • Software Development Life Cycle• Code review• SAST• DAST
15
SDLC CI• OWASP-SKF • Software Development Life Cycle• Travis CI• Coveralls CI• Scrutinizer CI
16
Agenda
• Why?• Software (AND Security) development life cycle
17
GitHub• https://github.com/blabla1337/skf-flask
17
Agenda
• Why?• Software (AND Security) development life cycle
18
You have the skills …
18
Agenda
• Why?• Software (AND Security) development life cycle
19
… you are the one.
19
Getting involved?• OWASP
https://www.owasp.org/index.php/OWASP_Security_Knowledge_Framework
• Websitehttps://secureby.design
Together we can make it big, strong and helpful!
20
Agenda
• Why?• Software (AND Security) development life cycle
21
You are only as strong as the weakest developer in your team.
21
Questions?
22
