Page 1: Avoiding the Pitfalls of Secure SDLC

Avoiding the Pitfalls of Secure SDLC

Succeeding with Automation

Page 2

Introductions

Page 3

Status Quo

Page 4

Chart: Relative cost to fix, based on time of detection

Phases (x-axis): Requirements / Architecture; Coding; Integration / Component Testing; System / Acceptance Testing; Production / Post-Release

Relative cost to fix (y-axis): 1x, 6x, 11x, 16x, 21x, 26x, 31x, 36x

Source: NIST

Highest ROI

Where we find flaws today

Look familiar?

Page 5

February 2012 Report from Quocirca

Page 6

Results of an Open SAMM Assessment

Page 7

Problems with Verification

Page 8

Security Requirements

42%

58%

Not covered by scanners

Can be caught by scanners

Page 9

Scaling: Self-Serve

Page 10

Solution: Automated, Criteria-based

Requirements Generation

Page 11

Context

Page 12

Matched Against Rules

Page 13

Generates Threats

Page 14

Matched Against Rules

Page 15

Which Have Countermeasures

Page 16

Apply the context for specific guidelines

Page 17

And (Optionally) Import into ALM

Page 18

Program Justification: $4k to find a vuln in production

Page 19

[email protected]@sdelements.com
