Security in the wild
By Renato Rodrigues
Join the conversation #devseccon
Who Am I
Renato Rodrigues - @simpsOn - //pathonproject..com
Agenda
The world as we know it
Facing the world
Survival mode
The world as we know it
Implementation of new features
New technology hype(s)
Distorted notion of time
New issues arise every day
Security is not part of the process!
Facing the world
Software Dev. Life Cycle
Requirements
Who is going to use the system?
How will they use the system?
What data should be input into the system?
What data should be output by the system?
Requirement Specification document
Requirements
Product Team
Security Perceptions
Security Work
Improvements
Design
System Design helps in:
- specifying hardware and system requirements;
- defining overall system architecture (interactions, structures, technologies,...).
Implementation and Support Documentation
Design
Architecture Teams
Security Perceptions
Security Work
Improvements
Code
The work is divided into modules/units and actual coding is started. During this phase, the code should be the developer's main focus.
Real Product
Code
Development Teams
Security Perceptions
Security Work
Improvements
Testing
After code development, it is necessary to test it against the requirements to verify that the product addresses the needs collected during the requirements stage.
Product Validation!
Testing
QA Teams
Security Perceptions
Security Work
Improvements
Deployment
After successful testing, the product can finally be delivered/deployed to the customer.
Live to the world!
Deployment
DevOps Teams
Security Perceptions
Security Work
Improvements
S. Software Dev. Life Cycle
Thank you for your time!
Join the conversation #devseccon
Renato Rodrigues - @simpsOn - //pathonproject..com
Security in the wild
By Renato Rodrigues
Security in the wild
Presentation for DevSecCon 2016, London (https://www.devseccon.com/blog/session/security-in-the-wild-2/).
