handling of security requirements in software … › karlsruhe › 2017 › sites...handling of...
TRANSCRIPT
HANDLING OF SECURITY REQUIREMENTS IN SOFTWARE DEVELOPMENT LIFECYCLE
DANIEL KEFER, RENÉ REUTER
@DKEFER
@_ARES_SEC
ISSUES
REPEATING MISTAKES
SECURITY DOCUMENTATION
SECURITY BEHIND DEV PROCESSES AND TOOLING
APPROACH
ALIGN THE PROCESS
SCALE
KISS
SECURITYRAT
USE CASES
New assets
Production assets
DEMO
INTERNALS
Requirement Skeletons
Optional Columns
Alternatives to Option Columns
Status Columns
Implementation Type
Collections
Tags
AUTHENTICATION
Own authentication scheme
CAS (Central Authentication Service)
ROLES
Frontend User
User
Admin
JIRA INTEGRATION
Cross-Origin Resource Sharing
SecurityRAT inherits user's rights in JIRA
SECURITYCAT
FUTURE PLANS
SECURITYRAT 2.0
https://github.com/SecurityRAT/SecurityRAT/wiki/Version-2.0-Brainstorming
COMMUNITY
Issues
Pull requests
Derived projects
THANK YOU FOR YOUR ATTENTION!
https://securityrat.github.io