building better product security
Post on 16-Apr-2017
Building better product security: an engineering approach
Who we are
Client was hacked
Security Assessment of completed product…
…is not good enough sometimes either
Secure Development Lifecycle
Engineer becomes a part of team
How security process looks in reality
Then start the process of re-Coding, re-Building, re-Testing, re-Auditing
3rd party or internal audit
Ton of security defects
BACK to re-Coding, re-Building, re-Testing, re-Auditing
Generic Approach for Security
Design Build Test Production
security requirements / risk and threat analysis
coding guidelines / code reviews / static analysis
security testing / dynamic analysis
vulnerability scanning / WAF
Reactive Approach / Proactive Approach
Secure SDLC
Defining security requirements for a project
Developing coding guidelines and static code analysis
Security testing
Vulnerability testing
Common SDLC fails
CODE
It is not a vulnerability, it is a feature
Installing the application on a vulnerable environment after the SDLC
SDLC makes everyone happy
Such an approach may eventually save one's business
Questions?
Thanks!
http://owasp-lviv.blogspot.com