Avoiding the Pitfalls of Secure SDLC: Succeeding with Automation

Uploaded by gerard, posted on 16-Feb-2016

DESCRIPTION

Avoiding the Pitfalls of Secure SDLC. Succeeding with Automation. Introductions. Status Quo. Where we find flaws today. Highest ROI. Look familiar?. Relative cost to fix, based on time of detection. Source: NIST. February 2012 Report from Quocirca. Results of an Open SAMM Assessment. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Avoiding the Pitfalls of Secure SDLC

Avoiding the Pitfalls of Secure SDLC

Succeeding with Automation

Page 2

Introductions

Page 3

Status Quo

Page 4

[Chart: Relative cost to fix, based on time of detection (Source: NIST). X-axis, by SDLC phase: Requirements / Architecture; Coding; Integration / Component Testing; System / Acceptance Testing; Production / Post-Release. Y-axis: relative cost, 1x to 36x. Annotations: "Highest ROI", "Where we find flaws today", "Look familiar?"]

Page 5

February 2012 Report from Quocirca

Page 6

Results of an Open SAMM Assessment

Page 7

Problems with Verification

Page 8

Security Requirements

[Chart: security requirements split 42% / 58% between "Not covered by scanners" and "Can be caught by scanners"]

Page 9

Scaling: Self-Serve

Page 10

Solution: Automated, Criteria-based Requirements Generation

Page 11

Context

Page 12

Matched Against Rules

Page 13

Generates Threats

Page 14

Matched Against Rules

Page 15

Which Have Countermeasures

Page 16

Apply the context for specific guidelines

Page 17

And (Optionally) Import into ALM

Page 18

Program Justification: $4k to find a vuln in production

Page 19

[email protected]@sdelements.com