Security in the wild

By Renato Rodrigues

Join the conversation #devseccon

Who Am I

Renato Rodrigues - @simpsOn - //pathonproject..com

Agenda

The world as we know it

Facing the world

Survival mode

The world as we know it

Implementation of new features
New technology hype(s)

Distorted notion of time

New issues arise every day

 

 Security is not part of the process!

 

Facing the world

Software Dev. Life Cycle

Requirements

Who is going to use the system?

How will they use the system?  

What data should be input into the system?  

What data should be output by the system?


Requirement Specification document

Requirements

Product Team

Security Perceptions

Security Work

Improvements

Design

System Design helps in:

  - specifying hardware and system requirements;

  - defining overall system architecture (interactions,       structures, technologies,...).


Implementation and Support Documentation

Design

Architecture Teams

Security Perceptions

Security Work

Improvements

Code

The work is divided into modules/units and actual coding is started. During this phase, the code should be the developer's main focus.


Real Product

Code

Development Teams

Security Perceptions

Security Work

Improvements

Testing

After code development, it is necessary to test it against the requirements to verify that the product addresses the needs collected during the requirements stage.


Product Validation!

Testing

QA Teams

Security Perceptions

Security Work

Improvements

Deployment

After successful testing, the product can finally be delivered/deployed to the customer.


Live to the world!

Deployment

DevOps Teams

Security Perceptions

Security Work

Improvements

S. Software Dev. Life Cycle

Thank you for your time!

Join the conversation #devseccon

Renato Rodrigues - @simpsOn - //pathonproject..com

Security in the wild

By Renato Rodrigues

Security in the wild

Presentation for DevSecCon 2016, London (https://www.devseccon.com/blog/session/security-in-the-wild-2/).

  • 3,163