Asankhaya Sharma, profile picture
Uploaded byAsankhaya Sharma
PPTX, PDF377 views

Secure Software Development

The document discusses secure software development. It recommends considering security throughout the software development lifecycle, from requirements to deployment. Key aspects discussed include identifying security requirements for sensitive data, applying principles for secure design like simplicity and defense in depth, implementing secure coding rules through code reviews and testing with techniques like fuzzing and penetration testing. The document also discusses methodologies like BSIMM and SDL and notes that continuous delivery requires continuous security integration and automation.

Download to read offline
Secure Software Development Dr. Asankhaya Sharma SIT
20-Feb-16 2
Secure Software Development • Consider security throughout the software development lifecycle – Requirements – Design – Implementation – Testing – Deployment 20-Feb-16 3
Requirements • Identify sensitive data and resources • Define security requirements for them – Confidentiality – Integrity – Availability • Consider threats and abuse cases that violate these requirements 20-Feb-16 4
Application Specific •Abuse/Misuse Cases •Threat Models •Attacks •Assets Generic •Common Best Practices •Legal •IT •Development Architectural Risk Analysis •Underlying Framework •Ambiguity Analysis •Fundamental Weakness Attack Patterns •Historical Risks •Vulnerabilities 20-Feb-16 5
Design • Apply principles for secure software design – Prevent, mitigate and detect possible attacks • Security principles – Favor Simplicity – Trust with Reluctance – Defend in Depth 20-Feb-16 6
20-Feb-16 7
Implementation • Apply coding rules that implement secure design • Use automated code review techniques to find potential vulnerabilities components – Static Analysis – Symbolic execution 20-Feb-16 8
20-Feb-16 9
Testing • Penetration Testing to find potential flaws in the real system – Fuzz testing • Employ attack patterns 20-Feb-16 10
Different methodologies • BSIMM (Building Security In – Maturity Model) – http://bsimm.com • Microsoft Security Development Lifecycle – https://www.microsoft.com/en-us/sdl/ • OpenSAMM Software Assurance Maturity Model – http://opensamm.org 20-Feb-16 11
20-Feb-16 12
Continuous Delivery of Software 20-Feb-16 13
20-Feb-16 14
Continuous Security • Requires security automation • Integrate into CD environment and tools – Source code management systems • GitHub, Bitbucket etc. – Build systems • Travis CI, Jenkins etc. • Audit third party component and open-source library usage 20-Feb-16 15
Takeaways • Security practices should be built in during the software development process • Continuous delivery needs continuous security 20-Feb-16 16
Thanks! • Questions? • Contact – @asankhaya 20-Feb-16 17

More Related Content

PPTX
Ethical hacking
byAishwary Sinha
 
PPT
Lesson 1
byMLG College of Learning, Inc
 
PPTX
LTS Cyber Security Analytics
byrver21
 
PPTX
Intruders and Intrusion detection in Cryptosystems
byVelanSalis
 
PDF
Automated tools for security, the challenge 2.0?
byRomain Gaucher
 
PDF
Prepare Yourself to Become Infosec Professional
byM.Syarifudin, ST, OSCP, OSWP
 
PPTX
Ethical Hacking - An Overview
byAfaq Mansoor Khan
 
PPTX
Network security
byDonald West Rock
 
Ethical hacking
byAishwary Sinha
 
Lesson 1
byMLG College of Learning, Inc
 
LTS Cyber Security Analytics
byrver21
 
Intruders and Intrusion detection in Cryptosystems
byVelanSalis
 
Automated tools for security, the challenge 2.0?
byRomain Gaucher
 
Prepare Yourself to Become Infosec Professional
byM.Syarifudin, ST, OSCP, OSWP
 
Ethical Hacking - An Overview
byAfaq Mansoor Khan
 
Network security
byDonald West Rock
 

What's hot

PPT
Lesson 4
byMLG College of Learning, Inc
 
PPT
Lesson 1- Risk Managment
byMLG College of Learning, Inc
 
PPT
Lesson 3
byMLG College of Learning, Inc
 
PPTX
Attackers process
bybegmohsin
 
PPTX
EthicalHacking_AakashTakale
byAakash Takale
 
PPTX
Log maintenance network securiy
byMohsin Ali
 
PPT
Networking
bySalman Memon
 
PPT
CompTIA Security+ Module1: Security fundamentals
byGanbayar Sukhbaatar
 
PDF
OWASP Top 10 A4 – Insecure Direct Object Reference
byNarudom Roongsiriwong, CISSP
 
PPTX
Ethical hacking
byGarla Prajwal
 
PDF
call for papers - International Journal on Cryptography and Information Secur...
byJonesSmith7
 
PDF
Ijcis -->cfp
byJonesSmith7
 
PPTX
SL_Long Beach_Creative Artists_12_04_2015
byJon Papp
 
PPTX
Correct the most common web development security mistakes - Eric Vanderburg
byEric Vanderburg
 
PPTX
Introduction to ethical hacking
byAgung Suwandaru
 
PPTX
Deconstructing website attacks - Eric Vanderburg
byEric Vanderburg
 
PDF
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
byEdureka!
 
PPT
Basic penetration testing & Ethical Hacking 2nd module
byankit sarode
 
Lesson 4
byMLG College of Learning, Inc
 
Lesson 1- Risk Managment
byMLG College of Learning, Inc
 
Lesson 3
byMLG College of Learning, Inc
 
Attackers process
bybegmohsin
 
EthicalHacking_AakashTakale
byAakash Takale
 
Log maintenance network securiy
byMohsin Ali
 
Networking
bySalman Memon
 
CompTIA Security+ Module1: Security fundamentals
byGanbayar Sukhbaatar
 
OWASP Top 10 A4 – Insecure Direct Object Reference
byNarudom Roongsiriwong, CISSP
 
Ethical hacking
byGarla Prajwal
 
call for papers - International Journal on Cryptography and Information Secur...
byJonesSmith7
 
Ijcis -->cfp
byJonesSmith7
 
SL_Long Beach_Creative Artists_12_04_2015
byJon Papp
 
Correct the most common web development security mistakes - Eric Vanderburg
byEric Vanderburg
 
Introduction to ethical hacking
byAgung Suwandaru
 
Deconstructing website attacks - Eric Vanderburg
byEric Vanderburg
 
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
byEdureka!
 
Basic penetration testing & Ethical Hacking 2nd module
byankit sarode
 

Viewers also liked

PPTX
Selección de elementos de control y protección
byJesus Aguilar Hernandez
 
PPTX
Hindustan products ltd
byBhavin Agrawal
 
PDF
5 Erfolgstipps für bessere Quoten
byAnaplan
 
PDF
Enjoy Electron Everyone!
bym1sogi
 
PDF
Resume1a
byZenas Carney
 
PPTX
EHUMOOC2014
bymagis_berrikuntza
 
PPS
Indiánboszorkány
byKlári Papp
 
PDF
Ashley A. Work Log Pictures
byashleyasbell
 
PPTX
El sustantivo 1º
bymisslourdes21
 
PPT
Śniadanie Daje Moc
bybrandsupportpl
 
PPTX
Billetes falsos p5
byLuis Antonio Reyes
 
PPTX
Forbes webinar: The transformative CMO
byAnaplan
 
Selección de elementos de control y protección
byJesus Aguilar Hernandez
 
Hindustan products ltd
byBhavin Agrawal
 
5 Erfolgstipps für bessere Quoten
byAnaplan
 
Enjoy Electron Everyone!
bym1sogi
 
Resume1a
byZenas Carney
 
EHUMOOC2014
bymagis_berrikuntza
 
Indiánboszorkány
byKlári Papp
 
Ashley A. Work Log Pictures
byashleyasbell
 
El sustantivo 1º
bymisslourdes21
 
Śniadanie Daje Moc
bybrandsupportpl
 
Billetes falsos p5
byLuis Antonio Reyes
 
Forbes webinar: The transformative CMO
byAnaplan
 

Similar to Secure Software Development

PDF
ACS-security-2821-001 Lecture Note 13.pdf
byMostafa Taghizade
 
PPTX
Week 4.1 Building security into the software development lifecycle copy.pptx
byazida3
 
PPTX
7.2-0-D8-October2021 (Software Development Security).pptx
byroongrus
 
PPTX
Lecture 10.pptx
byMuhammadRehan856177
 
PDF
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
bySBWebinars
 
PDF
Secure Software Development: Best practice and strategies.pdf
byNexflare Dynamics
 
PDF
Matteo Meucci - Security Summit 12th March 2019
byMinded Security
 
PDF
Beyond security testing
byCu Nguyen
 
PDF
Secure in Software Development Life Cycle
byjosheph max
 
PDF
Secure software development.pdf
byIntuitiveCloud
 
PDF
Software Development Security_ Protect Your Software From Cyber Attacks.pdf
byRahimMakhani2
 
PDF
Program Security in information security.pdf
byshumailach472
 
PPT
The Principles of Secure Development - David Rook
bySecurity B-Sides
 
PPT
csce201 - software - sec Basic Security.ppt
bygealehegn
 
PDF
Secure Coding Practices Every Developer Should Know.pdf
byZohaib Rizwan
 
PDF
The Principles of Secure Development - BSides Las Vegas 2009
bySecurity Ninja
 
PDF
Introduction to Software Security Initiative
bySudarshan Narayanan
 
ODP
Hack2Secure Assists Organization in Secure Application Development Through BS...
byhack2s
 
PPTX
Secure Software Development: Why It Matters.
byArthur Evans
 
PDF
The Importance of Cybersecurity in Software Development.pdf
bysphinx Worldbiz
 
ACS-security-2821-001 Lecture Note 13.pdf
byMostafa Taghizade
 
Week 4.1 Building security into the software development lifecycle copy.pptx
byazida3
 
7.2-0-D8-October2021 (Software Development Security).pptx
byroongrus
 
Lecture 10.pptx
byMuhammadRehan856177
 
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
bySBWebinars
 
Secure Software Development: Best practice and strategies.pdf
byNexflare Dynamics
 
Matteo Meucci - Security Summit 12th March 2019
byMinded Security
 
Beyond security testing
byCu Nguyen
 
Secure in Software Development Life Cycle
byjosheph max
 
Secure software development.pdf
byIntuitiveCloud
 
Software Development Security_ Protect Your Software From Cyber Attacks.pdf
byRahimMakhani2
 
Program Security in information security.pdf
byshumailach472
 
The Principles of Secure Development - David Rook
bySecurity B-Sides
 
csce201 - software - sec Basic Security.ppt
bygealehegn
 
Secure Coding Practices Every Developer Should Know.pdf
byZohaib Rizwan
 
The Principles of Secure Development - BSides Las Vegas 2009
bySecurity Ninja
 
Introduction to Software Security Initiative
bySudarshan Narayanan
 
Hack2Secure Assists Organization in Secure Application Development Through BS...
byhack2s
 
Secure Software Development: Why It Matters.
byArthur Evans
 
The Importance of Cybersecurity in Software Development.pdf
bysphinx Worldbiz
 

More from Asankhaya Sharma

PPTX
Developer-focused Software Security
byAsankhaya Sharma
 
PDF
Securing Open Source Code in Enterprise
byAsankhaya Sharma
 
PPT
Crafting a Successful Engineering Career
byAsankhaya Sharma
 
PPTX
Visualizing Symbolic Execution with Bokeh
byAsankhaya Sharma
 
PPTX
Exploiting undefined behaviors for efficient symbolic execution
byAsankhaya Sharma
 
PPT
DIDAR: Database Intrusion Detection with Automated Recovery
byAsankhaya Sharma
 
PPTX
Specifying compatible sharing in data structures
byAsankhaya Sharma
 
PDF
Design and Implementation of the Security Graph Language
byAsankhaya Sharma
 
PPTX
Certified Reasoning for Automated Verification
byAsankhaya Sharma
 
PPTX
Verified Subtyping with Traits and Mixins
byAsankhaya Sharma
 
PDF
9 types of people you find on your team
byAsankhaya Sharma
 
PPT
SayCheese Ad
byAsankhaya Sharma
 
PDF
Last Days of Academy
byAsankhaya Sharma
 
Developer-focused Software Security
byAsankhaya Sharma
 
Securing Open Source Code in Enterprise
byAsankhaya Sharma
 
Crafting a Successful Engineering Career
byAsankhaya Sharma
 
Visualizing Symbolic Execution with Bokeh
byAsankhaya Sharma
 
Exploiting undefined behaviors for efficient symbolic execution
byAsankhaya Sharma
 
DIDAR: Database Intrusion Detection with Automated Recovery
byAsankhaya Sharma
 
Specifying compatible sharing in data structures
byAsankhaya Sharma
 
Design and Implementation of the Security Graph Language
byAsankhaya Sharma
 
Certified Reasoning for Automated Verification
byAsankhaya Sharma
 
Verified Subtyping with Traits and Mixins
byAsankhaya Sharma
 
9 types of people you find on your team
byAsankhaya Sharma
 
SayCheese Ad
byAsankhaya Sharma
 
Last Days of Academy
byAsankhaya Sharma
 

Recently uploaded

PDF
Incident Response Planning and Management
byCyberneticGI
 
PPTX
Streamline Compliance and Safety with Advanced Contractor Management Software
bySHEQ Network Limited
 
PPTX
Lifecycle of Automated Testing: A Step-by-Step Journey from Planning to Repor...
bySophie Lane
 
PDF
Working with Machine Learning in Production
byFrederick Apina
 
PDF
The Ultimate Guide to Software POC Development and Validation
byShiv Technolabs Pvt. Ltd.
 
PDF
One HTTPS server in Modern Pascal to Rule Them All
byArnaud Bouchez
 
PDF
How App Developers in London UK Empower Digital Businesses – US APP Developer...
byIndia App Developer
 
PPTX
power point presentation of Soft computing
byyashhjain24
 
PDF
Google Developer Groups on Campus CSUEB: Intro to Google Agent Development Kit
byugoti
 
PDF
git - from commit to merge - semcomp beta 2018 workshop
byJoao Marins
 
PDF
Alluxio Webinar | Alluxio + S3 A Tiered Architecture for Latency-Critical, Se...
byAlluxio, Inc.
 
PDF
Comprehensive Logging with mORMot 2 on Delphi and FPC
byArnaud Bouchez
 
PPTX
Hall-Pass-Management-Software-Transforming-School-Safety-and-Efficiency.pptx
byinfoswipesolutionsin
 
PDF
product realizatio n software.pdf
byJames Cameron
 
PPTX
Digital Twins for RolandRust U Maryland 20251030 v14.pptx
byhome
 
PDF
PyData Paris keynote: Big ideas shaping scientific Python: the quest for perf...
byRalf Gommers
 
PDF
Enterprise Data Sync via Navision Integration Service Provider
byNavision India
 
PPTX
Streamline Your Business with BUSY Software.pptx
byMoving Cloud
 
DOCX
The Ultimate Guide to Modern Intranet & Digital Workplace Success
bySharepoint Designs
 
PPT
Comp Programming Characters and Strings
byAlonTashobya
 
Incident Response Planning and Management
byCyberneticGI
 
Streamline Compliance and Safety with Advanced Contractor Management Software
bySHEQ Network Limited
 
Lifecycle of Automated Testing: A Step-by-Step Journey from Planning to Repor...
bySophie Lane
 
Working with Machine Learning in Production
byFrederick Apina
 
The Ultimate Guide to Software POC Development and Validation
byShiv Technolabs Pvt. Ltd.
 
One HTTPS server in Modern Pascal to Rule Them All
byArnaud Bouchez
 
How App Developers in London UK Empower Digital Businesses – US APP Developer...
byIndia App Developer
 
power point presentation of Soft computing
byyashhjain24
 
Google Developer Groups on Campus CSUEB: Intro to Google Agent Development Kit
byugoti
 
git - from commit to merge - semcomp beta 2018 workshop
byJoao Marins
 
Alluxio Webinar | Alluxio + S3 A Tiered Architecture for Latency-Critical, Se...
byAlluxio, Inc.
 
Comprehensive Logging with mORMot 2 on Delphi and FPC
byArnaud Bouchez
 
Hall-Pass-Management-Software-Transforming-School-Safety-and-Efficiency.pptx
byinfoswipesolutionsin
 
product realizatio n software.pdf
byJames Cameron
 
Digital Twins for RolandRust U Maryland 20251030 v14.pptx
byhome
 
PyData Paris keynote: Big ideas shaping scientific Python: the quest for perf...
byRalf Gommers
 
Enterprise Data Sync via Navision Integration Service Provider
byNavision India
 
Streamline Your Business with BUSY Software.pptx
byMoving Cloud
 
The Ultimate Guide to Modern Intranet & Digital Workplace Success
bySharepoint Designs
 
Comp Programming Characters and Strings
byAlonTashobya
 

Secure Software Development