SlideShare a Scribd company logo

Secure Coding 2013

The eCore Group
The eCore Group

Meenu Dogra is a software engineer who specializes in secure coding and application development. She holds an Oracle Certified Associate certification and gives webinars on security topics. Her document discusses the importance of online security for businesses and developers. It introduces the Secure System Development Life Cycle (SSDLC) as a method to incorporate security at all stages of developing software systems, from requirements analysis to verification. The SSDLC aims to address vulnerabilities that could otherwise pose risks to an organization's online operations and security.

Technology
1 of 14
LHSSS-5 Secure Coding Meenu Dogra Software Engineer www.LearnHackingSecurity.com
About Myself  Meenu Dogra  Software Engineer  Specializes in Secure Coding/Application Development  Oracle Certified Associate (OCA)  Speaker – Webinars  Email : Meenu . Dogra@eCoreTechnoS.com
Internet – World Wide Connectivity »95.6% people are online right when they wake up Reading Online News Online Online Banking / Shopping Transactions Internet Social Sites – E-mails Connect Everyone's
Business Strategy – Being Online • Each and every organization now want to be online. » Online Business Strategy • Selling Products Online • Online Marketing (Social Websites + Ads) • Online Products Analysis • But it can be a huge Risk for their Business » So, Developers need to make a “TRUST OF SECURITY”
Security – High Priority • Online Security is a biggest challenge » Developers Issues • Operating System Vulnerability • Firewall Security Breach • Network Security Flaws • Intrusion Detection System Vulnerability • Application-based Vulnerability
Secure System Development Life Cycle
Secure System Development Life Cycle (SSDLC) Requirement Design Implementation Verification Analysis
SSDLC
SSDLC
SSDLC
SSDLC :: Graphical Explanation
SSDLC
LHS Connections and Updates #HackingTechnoS Get Latest Facebook Hacking & Security Updates Security Updates Connect with us Subscribed on Facebook.com/HackingTechn Hands-On Labs LHS/ePaper ologies
Resources http://www.eCoreTechnoS.com www.LearnHackingSecurity.com http://www.HackingTechnologies.com http://www.GetHackingSecurity.com

Recommended

Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
Mykhailo Antonishyn
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 Project
Muhammad Shehata
 
Application Security Testing(AST)
Application Security Testing(AST)Application Security Testing(AST)
Application Security Testing(AST)
Arvind Bhardwaj [AB]
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
Checkmarx
 
Testing Web Application Security
Testing Web Application SecurityTesting Web Application Security
Testing Web Application Security
Ted Husted
 
Owasp
Owasp Owasp
Owasp
penetration Tester
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
Cybersecurity Education and Research Centre
 

Recommended

Secure SDLC in mobile software development.
Secure SDLC in mobile software development.Secure SDLC in mobile software development.
Secure SDLC in mobile software development.
Mykhailo Antonishyn
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 Project
Muhammad Shehata
 
Application Security Testing(AST)
Application Security Testing(AST)Application Security Testing(AST)
Application Security Testing(AST)
Arvind Bhardwaj [AB]
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 
Application Security Guide for Beginners
Application Security Guide for Beginners Application Security Guide for Beginners
Application Security Guide for Beginners
Checkmarx
 
Testing Web Application Security
Testing Web Application SecurityTesting Web Application Security
Testing Web Application Security
Ted Husted
 
Owasp
Owasp Owasp
Owasp
penetration Tester
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
Cybersecurity Education and Research Centre
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
TechWell
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
Ishan Girdhar
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Digital Defense Inc
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
Sophos Benelux
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
Jannis Kirschner
 
OWASP Top Ten in Practice
OWASP Top Ten in PracticeOWASP Top Ten in Practice
OWASP Top Ten in Practice
Security Innovation
 
5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding Practices
Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
Priyanka Aash
 
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security RisksOWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
All Things Open
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Anant Shrivastava
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software development
Bill Ross
 
Application Security Risk Assessment
Application Security Risk AssessmentApplication Security Risk Assessment
Application Security Risk Assessment
Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
YasserElsnbary
 
Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentals
Cygnet Infotech
 
Security testing
Security testingSecurity testing
Security testing
Tabăra de Testare
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
Zakaria SMAHI
 
Security Testing
Security TestingSecurity Testing
Security Testing
Qualitest
 
we45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Study
we45
 
Online shopping Project
Online shopping Project Online shopping Project
Online shopping Project
Krishna Mohan Shakya
 
Online Shopping System [SE]
Online Shopping System [SE]Online Shopping System [SE]
Online Shopping System [SE]
Ch Fahadi
 
The Best Source Code VB
The Best Source Code VBThe Best Source Code VB
The Best Source Code VB
Nurdin Al-Azies
 

More Related Content

What's hot

Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
TechWell
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
Marco Morana
 

What's hot (19)

Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
 
Pentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 IssuePentesting Your Own Wireless Networks, June 2011 Issue
Pentesting Your Own Wireless Networks, June 2011 Issue
 
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeCrafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
OWASP Top Ten in Practice
OWASP Top Ten in PracticeOWASP Top Ten in Practice
OWASP Top Ten in Practice
 
5 Important Secure Coding Practices
5 Important Secure Coding Practices5 Important Secure Coding Practices
5 Important Secure Coding Practices
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security RisksOWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software development
 
Application Security Risk Assessment
Application Security Risk AssessmentApplication Security Risk Assessment
Application Security Risk Assessment
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
 
Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentals
 
Security testing
Security testingSecurity testing
Security testing
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
Security Testing
Security TestingSecurity Testing
Security Testing
 
we45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Studywe45 - Web Application Security Testing Case Study
we45 - Web Application Security Testing Case Study
 

Viewers also liked

Visual Basic Codes And Screen Designs
Visual Basic Codes And Screen DesignsVisual Basic Codes And Screen Designs
Visual Basic Codes And Screen Designs
prcastano
 

Viewers also liked (6)

Online shopping Project
Online shopping Project Online shopping Project
Online shopping Project
 
Online Shopping System [SE]
Online Shopping System [SE]Online Shopping System [SE]
Online Shopping System [SE]
 
The Best Source Code VB
The Best Source Code VBThe Best Source Code VB
The Best Source Code VB
 
Visual Basic Codes And Screen Designs
Visual Basic Codes And Screen DesignsVisual Basic Codes And Screen Designs
Visual Basic Codes And Screen Designs
 
Online Shopping Full Project Presentation (20 slides)
Online Shopping Full Project Presentation (20 slides)Online Shopping Full Project Presentation (20 slides)
Online Shopping Full Project Presentation (20 slides)
 
project on visual basic 6.0 ' Jewellery Shop Management'
project on visual basic 6.0 ' Jewellery Shop Management' project on visual basic 6.0 ' Jewellery Shop Management'
project on visual basic 6.0 ' Jewellery Shop Management'
 

Similar to Secure Coding 2013

Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of Software
Michael Coates
 
Jump Start Your Application Security Knowledge
Jump Start Your Application Security KnowledgeJump Start Your Application Security Knowledge
Jump Start Your Application Security Knowledge
Denim Group
 
2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery
devopsdaysaustin
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 

Similar to Secure Coding 2013 (20)

Harness Your Code, Unleash Your Creativity: Your Team's Pragmatic Guide to Se...
Harness Your Code, Unleash Your Creativity: Your Team's Pragmatic Guide to Se...Harness Your Code, Unleash Your Creativity: Your Team's Pragmatic Guide to Se...
Harness Your Code, Unleash Your Creativity: Your Team's Pragmatic Guide to Se...
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016
 
Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of Software
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
 
The Journey to DevSecOps
The Journey to DevSecOpsThe Journey to DevSecOps
The Journey to DevSecOps
 
The Journey to DevSecOps
The Journey to DevSecOpsThe Journey to DevSecOps
The Journey to DevSecOps
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response Program
 
What is ethical hacking
What is ethical hackingWhat is ethical hacking
What is ethical hacking
 
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
Re-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptxRe-Thinking BYOD Policy.pptx
Re-Thinking BYOD Policy.pptx
 
Jump Start Your Application Security Knowledge
Jump Start Your Application Security KnowledgeJump Start Your Application Security Knowledge
Jump Start Your Application Security Knowledge
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
Solnet dev secops meetup
Solnet dev secops meetupSolnet dev secops meetup
Solnet dev secops meetup
 
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application SecurityKeeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application Security
 

More from The eCore Group

More from The eCore Group (9)

Top 5 Cyber Threats of 2014
Top 5 Cyber Threats of 2014Top 5 Cyber Threats of 2014
Top 5 Cyber Threats of 2014
 
15 Tips to Protect Yourself from Cyber Attacks
15 Tips to Protect Yourself from Cyber Attacks15 Tips to Protect Yourself from Cyber Attacks
15 Tips to Protect Yourself from Cyber Attacks
 
Top 10 Cyber Attacks on Healthcare Industry
Top 10 Cyber Attacks on Healthcare IndustryTop 10 Cyber Attacks on Healthcare Industry
Top 10 Cyber Attacks on Healthcare Industry
 
India is Cyber Vulnerable
India is Cyber VulnerableIndia is Cyber Vulnerable
India is Cyber Vulnerable
 
CMS Joomla
CMS JoomlaCMS Joomla
CMS Joomla
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013
 
Next Generation Firewalls
Next Generation FirewallsNext Generation Firewalls
Next Generation Firewalls
 
Windows server 2012 security Webinar
Windows server 2012 security WebinarWindows server 2012 security Webinar
Windows server 2012 security Webinar
 
Windows 8 security eCore
Windows 8 security eCoreWindows 8 security eCore
Windows 8 security eCore
 

Recently uploaded

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Recently uploaded (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 

Secure Coding 2013

  • 1. LHSSS-5 Secure Coding Meenu Dogra Software Engineer www.LearnHackingSecurity.com
  • 2. About Myself  Meenu Dogra  Software Engineer  Specializes in Secure Coding/Application Development  Oracle Certified Associate (OCA)  Speaker – Webinars  Email : Meenu . Dogra@eCoreTechnoS.com
  • 3. Internet – World Wide Connectivity »95.6% people are online right when they wake up Reading Online News Online Online Banking / Shopping Transactions Internet Social Sites – E-mails Connect Everyone's
  • 4. Business Strategy – Being Online • Each and every organization now want to be online. » Online Business Strategy • Selling Products Online • Online Marketing (Social Websites + Ads) • Online Products Analysis • But it can be a huge Risk for their Business » So, Developers need to make a “TRUST OF SECURITY”
  • 5. Security – High Priority • Online Security is a biggest challenge » Developers Issues • Operating System Vulnerability • Firewall Security Breach • Network Security Flaws • Intrusion Detection System Vulnerability • Application-based Vulnerability
  • 7. Secure System Development Life Cycle (SSDLC) Requirement Design Implementation Verification Analysis
  • 10. SSDLC
  • 11. SSDLC :: Graphical Explanation
  • 12. SSDLC
  • 13. LHS Connections and Updates #HackingTechnoS Get Latest Facebook Hacking & Security Updates Security Updates Connect with us Subscribed on Facebook.com/HackingTechn Hands-On Labs LHS/ePaper ologies
  • 14. Resources http://www.eCoreTechnoS.com www.LearnHackingSecurity.com http://www.HackingTechnologies.com http://www.GetHackingSecurity.com

Editor's Notes

  1. Here is an example of our approach in action. This is the Koobface attack, which is still active in the wild.Starts as a link to a non-existent video on a malicious site sent via IM, email, or webmail. The first layer of protection is web filtering to block access to the site. If the user clicks on the link, he would receive a phony alert telling him his player is not working, and to download a non-existent new version on a malicious site. By clicking on the “OK” button on the phony Error message, the user is actually instructing his system to install the virus. Antivirus protection would detect the file that the user is trying to install, and block itOnce installed, the worm would try to propagate. The IPS technology would detect the propagation effort, and block it before it could succeed.