The Gentle Art Of Making Secure Software
Agenda
Most Common Issues
Classification and Tracking
Principles of Secure Development
SDLC and Pipeline
Security Process
Making People Aware of Security
Challenges
Cross Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Clickjacking
Header Manipulation
XML External Entity (XXE)
Log Forging
Logical Flaws
Classification
Impacted Services x Impact x Urgency
Tracking
Automated Tools
Scan Results | Notes
Content Management System (CMS)
Internally Developed | Fit our needs | Vulnerability Database
Integration with Developers Tools
Integration | Visibility | Fixing Track
Principles of Secure Development
Focus on Developers
Based on the Most Common Issues
Keep It Short and Simple
PRINCIPLES OF SECURE DEVELOPMENT
Validation
Error Handling / Authentication / Session Management
Secure Software Development Life Cycle
Security Champion
What we Do
What Tools We Use?
Making People Aware of Security
Security Champions Event
Security University
Show Something Cool
Future Challenges
New Technologies
Automation
Education
This is not Rocket Science!
Q&A
Renato Rodrigues | @simps0n | www.pathonproject.com
www.blip.pt
References
http://www.securityninja.co.uk/secure-development/
http://resources.infosecinstitute.com/intro-secure-software-development-life-cycle/
By Renato Rodrigues
Presentation for Rumos Web Application Tech Sessions at Lisbon and Porto.