SlideShare ist ein Scribd-Unternehmen logo

Secure Software Development Lifecycle (SSDL) Techniques

•Als PPTX, PDF herunterladen•
•
Asankhaya Sharma
Asankhaya Sharma

The document discusses secure software development. It recommends considering security throughout the software development lifecycle, from requirements to deployment. Key aspects discussed include identifying security requirements for sensitive data, applying principles for secure design like simplicity and defense in depth, implementing secure coding rules through code reviews and testing with techniques like fuzzing and penetration testing. The document also discusses methodologies like BSIMM and SDL and notes that continuous delivery requires continuous security integration and automation.

Software
1 von 17
Secure Software Development Dr. Asankhaya Sharma SIT
20-Feb-16 2
Secure Software Development • Consider security throughout the software development lifecycle – Requirements – Design – Implementation – Testing – Deployment 20-Feb-16 3
Requirements • Identify sensitive data and resources • Define security requirements for them – Confidentiality – Integrity – Availability • Consider threats and abuse cases that violate these requirements 20-Feb-16 4
Application Specific •Abuse/Misuse Cases •Threat Models •Attacks •Assets Generic •Common Best Practices •Legal •IT •Development Architectural Risk Analysis •Underlying Framework •Ambiguity Analysis •Fundamental Weakness Attack Patterns •Historical Risks •Vulnerabilities 20-Feb-16 5
Design • Apply principles for secure software design – Prevent, mitigate and detect possible attacks • Security principles – Favor Simplicity – Trust with Reluctance – Defend in Depth 20-Feb-16 6
20-Feb-16 7
Implementation • Apply coding rules that implement secure design • Use automated code review techniques to find potential vulnerabilities components – Static Analysis – Symbolic execution 20-Feb-16 8
20-Feb-16 9
Testing • Penetration Testing to find potential flaws in the real system – Fuzz testing • Employ attack patterns 20-Feb-16 10
Different methodologies • BSIMM (Building Security In – Maturity Model) – http://bsimm.com • Microsoft Security Development Lifecycle – https://www.microsoft.com/en-us/sdl/ • OpenSAMM Software Assurance Maturity Model – http://opensamm.org 20-Feb-16 11
20-Feb-16 12
Continuous Delivery of Software 20-Feb-16 13
20-Feb-16 14
Continuous Security • Requires security automation • Integrate into CD environment and tools – Source code management systems • GitHub, Bitbucket etc. – Build systems • Travis CI, Jenkins etc. • Audit third party component and open-source library usage 20-Feb-16 15
Takeaways • Security practices should be built in during the software development process • Continuous delivery needs continuous security 20-Feb-16 16
Thanks! • Questions? • Contact – @asankhaya 20-Feb-16 17

Empfohlen

Automated tools for security, the challenge 2.0?
Automated tools for security, the challenge 2.0?Automated tools for security, the challenge 2.0?
Automated tools for security, the challenge 2.0?Romain Gaucher
 
Intruders and Intrusion detection in Cryptosystems
Intruders and Intrusion detection in CryptosystemsIntruders and Intrusion detection in Cryptosystems
Intruders and Intrusion detection in CryptosystemsVelanSalis
 
Network security
Network securityNetwork security
Network securityDonald West Rock
 
Prepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalM.Syarifudin, ST, OSCP, OSWP
 
Ethical Hacking - An Overview
Ethical Hacking - An OverviewEthical Hacking - An Overview
Ethical Hacking - An OverviewAfaq Mansoor Khan
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAishwary Sinha
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
LTS Cyber Security Analytics
LTS Cyber Security AnalyticsLTS Cyber Security Analytics
LTS Cyber Security Analyticsrver21
 

Empfohlen

Automated tools for security, the challenge 2.0?
Automated tools for security, the challenge 2.0?Automated tools for security, the challenge 2.0?
Automated tools for security, the challenge 2.0?Romain Gaucher
 
Intruders and Intrusion detection in Cryptosystems
Intruders and Intrusion detection in CryptosystemsIntruders and Intrusion detection in Cryptosystems
Intruders and Intrusion detection in CryptosystemsVelanSalis
 
Network security
Network securityNetwork security
Network securityDonald West Rock
 
Prepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalPrepare Yourself to Become Infosec Professional
Prepare Yourself to Become Infosec ProfessionalM.Syarifudin, ST, OSCP, OSWP
 
Ethical Hacking - An Overview
Ethical Hacking - An OverviewEthical Hacking - An Overview
Ethical Hacking - An OverviewAfaq Mansoor Khan
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAishwary Sinha
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
LTS Cyber Security Analytics
LTS Cyber Security AnalyticsLTS Cyber Security Analytics
LTS Cyber Security Analyticsrver21
 
Networking
NetworkingNetworking
NetworkingSalman Memon
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk ManagmentMLG College of Learning, Inc
 
Attackers process
Attackers processAttackers process
Attackers processbegmohsin
 
Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module ankit sarode
 
Lesson 4
Lesson 4Lesson 4
Lesson 4MLG College of Learning, Inc
 
Log maintenance network securiy
Log maintenance network securiyLog maintenance network securiy
Log maintenance network securiyMohsin Ali
 
EthicalHacking_AakashTakale
EthicalHacking_AakashTakaleEthicalHacking_AakashTakale
EthicalHacking_AakashTakaleAakash Takale
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGarla Prajwal
 
Ijcis -->cfp
Ijcis -->cfp Ijcis -->cfp
Ijcis -->cfp JonesSmith7
 
CompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsCompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsGanbayar Sukhbaatar
 
call for papers - International Journal on Cryptography and Information Secur...
call for papers - International Journal on Cryptography and Information Secur...call for papers - International Journal on Cryptography and Information Secur...
call for papers - International Journal on Cryptography and Information Secur...JonesSmith7
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015Jon Papp
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgEric Vanderburg
 
OWASP Top 10 A4 – Insecure Direct Object Reference
OWASP Top 10 A4 – Insecure Direct Object ReferenceOWASP Top 10 A4 – Insecure Direct Object Reference
OWASP Top 10 A4 – Insecure Direct Object ReferenceNarudom Roongsiriwong, CISSP
 
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...Edureka!
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingAgung Suwandaru
 
IndiĂĄnboszorkĂĄny
IndiĂĄnboszorkĂĄnyIndiĂĄnboszorkĂĄny
IndiĂĄnboszorkĂĄnyKlĂĄri Papp
 
Resume1a
Resume1aResume1a
Resume1aZenas Carney
 
El sustantivo 1Âş
El sustantivo 1ÂşEl sustantivo 1Âş
El sustantivo 1Âşmisslourdes21
 
Hindustan products ltd
Hindustan products ltdHindustan products ltd
Hindustan products ltdBhavin Agrawal
 

Weitere ähnliche Inhalte

Was ist angesagt?

Attackers process
Attackers processAttackers process
Attackers processbegmohsin
 
Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module ankit sarode
 
Log maintenance network securiy
Log maintenance network securiyLog maintenance network securiy
Log maintenance network securiyMohsin Ali
 
EthicalHacking_AakashTakale
EthicalHacking_AakashTakaleEthicalHacking_AakashTakale
EthicalHacking_AakashTakaleAakash Takale
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingGarla Prajwal
 
Ijcis -->cfp
Ijcis -->cfp Ijcis -->cfp
Ijcis -->cfp JonesSmith7
 
CompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsCompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsGanbayar Sukhbaatar
 
call for papers - International Journal on Cryptography and Information Secur...
call for papers - International Journal on Cryptography and Information Secur...call for papers - International Journal on Cryptography and Information Secur...
call for papers - International Journal on Cryptography and Information Secur...JonesSmith7
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015Jon Papp
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgEric Vanderburg
 
OWASP Top 10 A4 – Insecure Direct Object Reference
OWASP Top 10 A4 – Insecure Direct Object ReferenceOWASP Top 10 A4 – Insecure Direct Object Reference
OWASP Top 10 A4 – Insecure Direct Object ReferenceNarudom Roongsiriwong, CISSP
 
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...Edureka!
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingAgung Suwandaru
 

Was ist angesagt? (18)

Networking
NetworkingNetworking
Networking
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
 
Attackers process
Attackers processAttackers process
Attackers process
 
Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module Basic penetration testing & Ethical Hacking 2nd module
Basic penetration testing & Ethical Hacking 2nd module
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
 
Log maintenance network securiy
Log maintenance network securiyLog maintenance network securiy
Log maintenance network securiy
 
EthicalHacking_AakashTakale
EthicalHacking_AakashTakaleEthicalHacking_AakashTakale
EthicalHacking_AakashTakale
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ijcis -->cfp
Ijcis -->cfp Ijcis -->cfp
Ijcis -->cfp
 
CompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsCompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentals
 
call for papers - International Journal on Cryptography and Information Secur...
call for papers - International Journal on Cryptography and Information Secur...call for papers - International Journal on Cryptography and Information Secur...
call for papers - International Journal on Cryptography and Information Secur...
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015SL_Long Beach_Creative Artists_12_04_2015
SL_Long Beach_Creative Artists_12_04_2015
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
OWASP Top 10 A4 – Insecure Direct Object Reference
OWASP Top 10 A4 – Insecure Direct Object ReferenceOWASP Top 10 A4 – Insecure Direct Object Reference
OWASP Top 10 A4 – Insecure Direct Object Reference
 
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
How to Become an Ethical Hacker? | Ethical Hacking Career | Ethical Hacker Sa...
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 

Andere mochten auch

IndiĂĄnboszorkĂĄny
IndiĂĄnboszorkĂĄnyIndiĂĄnboszorkĂĄny
IndiĂĄnboszorkĂĄnyKlĂĄri Papp
 
El sustantivo 1Âş
El sustantivo 1ÂşEl sustantivo 1Âş
El sustantivo 1Âşmisslourdes21
 
Hindustan products ltd
Hindustan products ltdHindustan products ltd
Hindustan products ltdBhavin Agrawal
 
Ashley A. Work Log Pictures
Ashley A. Work Log PicturesAshley A. Work Log Pictures
Ashley A. Work Log Picturesashleyasbell
 
Śniadanie Daje Moc
Śniadanie Daje MocŚniadanie Daje Moc
Śniadanie Daje Mocbrandsupportpl
 
SelecciĂłn de elementos de control y protecciĂłn
SelecciĂłn de elementos de control y protecciĂłnSelecciĂłn de elementos de control y protecciĂłn
SelecciĂłn de elementos de control y protecciĂłnJesus Aguilar Hernandez
 
Forbes webinar: The transformative CMO
Forbes webinar: The transformative CMOForbes webinar: The transformative CMO
Forbes webinar: The transformative CMOAnaplan
 
Enjoy Electron Everyone!
Enjoy Electron Everyone!Enjoy Electron Everyone!
Enjoy Electron Everyone!m1sogi
 
5 Erfolgstipps fĂźr bessere Quoten
5 Erfolgstipps fĂźr bessere Quoten5 Erfolgstipps fĂźr bessere Quoten
5 Erfolgstipps fĂźr bessere QuotenAnaplan
 

Andere mochten auch (12)

IndiĂĄnboszorkĂĄny
IndiĂĄnboszorkĂĄnyIndiĂĄnboszorkĂĄny
IndiĂĄnboszorkĂĄny
 
Resume1a
Resume1aResume1a
Resume1a
 
El sustantivo 1Âş
El sustantivo 1ÂşEl sustantivo 1Âş
El sustantivo 1Âş
 
Hindustan products ltd
Hindustan products ltdHindustan products ltd
Hindustan products ltd
 
Billetes falsos p5
Billetes falsos p5Billetes falsos p5
Billetes falsos p5
 
Ashley A. Work Log Pictures
Ashley A. Work Log PicturesAshley A. Work Log Pictures
Ashley A. Work Log Pictures
 
EHUMOOC2014
EHUMOOC2014EHUMOOC2014
EHUMOOC2014
 
Śniadanie Daje Moc
Śniadanie Daje MocŚniadanie Daje Moc
Śniadanie Daje Moc
 
SelecciĂłn de elementos de control y protecciĂłn
SelecciĂłn de elementos de control y protecciĂłnSelecciĂłn de elementos de control y protecciĂłn
SelecciĂłn de elementos de control y protecciĂłn
 
Forbes webinar: The transformative CMO
Forbes webinar: The transformative CMOForbes webinar: The transformative CMO
Forbes webinar: The transformative CMO
 
Enjoy Electron Everyone!
Enjoy Electron Everyone!Enjoy Electron Everyone!
Enjoy Electron Everyone!
 
5 Erfolgstipps fĂźr bessere Quoten
5 Erfolgstipps fĂźr bessere Quoten5 Erfolgstipps fĂźr bessere Quoten
5 Erfolgstipps fĂźr bessere Quoten
 

Ähnlich wie Secure Software Development Lifecycle (SSDL) Techniques

CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersNUS-ISS
 
Securing Web Applications
Securing Web ApplicationsSecuring Web Applications
Securing Web ApplicationsMark Garratt
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...John M. Willis
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCJohn M. Willis
 
Chapter 1 introduction to-information_security
Chapter 1 introduction to-information_securityChapter 1 introduction to-information_security
Chapter 1 introduction to-information_securitySyaiful Ahdan
 
Integrating security into the application development process
Integrating security into the application development processIntegrating security into the application development process
Integrating security into the application development processJerod Brennen
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.pptit160320737038
 
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...North Texas Chapter of the ISSA
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Dilum Bandara
 
Implementing AppSec Policies with TeamMentor
Implementing AppSec Policies with TeamMentorImplementing AppSec Policies with TeamMentor
Implementing AppSec Policies with TeamMentortmbainjr131
 
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.pptgealehegn
 
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeOpen DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeEmerasoft, solutions to collaborate
 
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersDenim Group
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskProtecode
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskSource Code Control Limited
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleRochester Security Summit
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart WaySecurity Innovation
 

Ähnlich wie Secure Software Development Lifecycle (SSDL) Techniques (20)

CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security Leaders
 
Securing Web Applications
Securing Web ApplicationsSecuring Web Applications
Securing Web Applications
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLC
 
Chapter 1 introduction to-information_security
Chapter 1 introduction to-information_securityChapter 1 introduction to-information_security
Chapter 1 introduction to-information_security
 
Integrating security into the application development process
Integrating security into the application development processIntegrating security into the application development process
Integrating security into the application development process
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
 
ISAA PPt
ISAA PPtISAA PPt
ISAA PPt
 
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...
 
Implementing AppSec Policies with TeamMentor
Implementing AppSec Policies with TeamMentorImplementing AppSec Policies with TeamMentor
Implementing AppSec Policies with TeamMentor
 
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
4_25655_SE731_2020_1__2_1_Lecture 1 - Course Outline and Secure SDLC.ppt
 
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeOpen DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
 
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and NumbersApplication Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
Application Portfolio Risk Ranking: Banishing FUD With Structure and Numbers
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the Risk
 
Leveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the Risk
 
Dealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation StyleDealing with Web Application Security, Regulation Style
Dealing with Web Application Security, Regulation Style
 
Assessing System Risk the Smart Way
Assessing System Risk the Smart WayAssessing System Risk the Smart Way
Assessing System Risk the Smart Way
 

Mehr von Asankhaya Sharma

9 types of people you find on your team
9 types of people you find on your team9 types of people you find on your team
9 types of people you find on your teamAsankhaya Sharma
 
Design and Implementation of the Security Graph Language
Design and Implementation of the Security Graph LanguageDesign and Implementation of the Security Graph Language
Design and Implementation of the Security Graph LanguageAsankhaya Sharma
 
Securing Open Source Code in Enterprise
Securing Open Source Code in EnterpriseSecuring Open Source Code in Enterprise
Securing Open Source Code in EnterpriseAsankhaya Sharma
 
Verified Subtyping with Traits and Mixins
Verified Subtyping with Traits and MixinsVerified Subtyping with Traits and Mixins
Verified Subtyping with Traits and MixinsAsankhaya Sharma
 
Specifying compatible sharing in data structures
Specifying compatible sharing in data structuresSpecifying compatible sharing in data structures
Specifying compatible sharing in data structuresAsankhaya Sharma
 
Exploiting undefined behaviors for efficient symbolic execution
Exploiting undefined behaviors for efficient symbolic executionExploiting undefined behaviors for efficient symbolic execution
Exploiting undefined behaviors for efficient symbolic executionAsankhaya Sharma
 
DIDAR: Database Intrusion Detection with Automated Recovery
DIDAR: Database Intrusion Detection with Automated RecoveryDIDAR: Database Intrusion Detection with Automated Recovery
DIDAR: Database Intrusion Detection with Automated RecoveryAsankhaya Sharma
 
Developer-focused Software Security
Developer-focused Software SecurityDeveloper-focused Software Security
Developer-focused Software SecurityAsankhaya Sharma
 
Visualizing Symbolic Execution with Bokeh
Visualizing Symbolic Execution with BokehVisualizing Symbolic Execution with Bokeh
Visualizing Symbolic Execution with BokehAsankhaya Sharma
 
Crafting a Successful Engineering Career
Crafting a Successful Engineering CareerCrafting a Successful Engineering Career
Crafting a Successful Engineering CareerAsankhaya Sharma
 
Certified Reasoning for Automated Verification
Certified Reasoning for Automated VerificationCertified Reasoning for Automated Verification
Certified Reasoning for Automated VerificationAsankhaya Sharma
 
Last Days of Academy
Last Days of AcademyLast Days of Academy
Last Days of AcademyAsankhaya Sharma
 

Mehr von Asankhaya Sharma (13)

9 types of people you find on your team
9 types of people you find on your team9 types of people you find on your team
9 types of people you find on your team
 
Design and Implementation of the Security Graph Language
Design and Implementation of the Security Graph LanguageDesign and Implementation of the Security Graph Language
Design and Implementation of the Security Graph Language
 
Securing Open Source Code in Enterprise
Securing Open Source Code in EnterpriseSecuring Open Source Code in Enterprise
Securing Open Source Code in Enterprise
 
Verified Subtyping with Traits and Mixins
Verified Subtyping with Traits and MixinsVerified Subtyping with Traits and Mixins
Verified Subtyping with Traits and Mixins
 
Specifying compatible sharing in data structures
Specifying compatible sharing in data structuresSpecifying compatible sharing in data structures
Specifying compatible sharing in data structures
 
Exploiting undefined behaviors for efficient symbolic execution
Exploiting undefined behaviors for efficient symbolic executionExploiting undefined behaviors for efficient symbolic execution
Exploiting undefined behaviors for efficient symbolic execution
 
DIDAR: Database Intrusion Detection with Automated Recovery
DIDAR: Database Intrusion Detection with Automated RecoveryDIDAR: Database Intrusion Detection with Automated Recovery
DIDAR: Database Intrusion Detection with Automated Recovery
 
Developer-focused Software Security
Developer-focused Software SecurityDeveloper-focused Software Security
Developer-focused Software Security
 
Visualizing Symbolic Execution with Bokeh
Visualizing Symbolic Execution with BokehVisualizing Symbolic Execution with Bokeh
Visualizing Symbolic Execution with Bokeh
 
Crafting a Successful Engineering Career
Crafting a Successful Engineering CareerCrafting a Successful Engineering Career
Crafting a Successful Engineering Career
 
Certified Reasoning for Automated Verification
Certified Reasoning for Automated VerificationCertified Reasoning for Automated Verification
Certified Reasoning for Automated Verification
 
Last Days of Academy
Last Days of AcademyLast Days of Academy
Last Days of Academy
 
SayCheese Ad
SayCheese AdSayCheese Ad
SayCheese Ad
 

KĂźrzlich hochgeladen

Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 

KĂźrzlich hochgeladen (20)

Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 

Secure Software Development Lifecycle (SSDL) Techniques