Security in the wild


By Renato Rodrigues

Join the conversation #devseccon
Who Am I

Renato Rodrigues - @simpsOn - //pathonproject..com

Agenda

The world as we know it
Facing the world
Survival mode
The world as we know it

Implementation of new features
New technology hype(s)
Distorted notion of time
New issues arise every day
Security is not part of the process!
Facing the world


Software Dev. Life Cycle
Requirements

Who is going to use the system?
How will they use the system?
What data should be input into the system?
What data should be output by the system?
Requirement Specification document
Requirements

Product Team
Security Perceptions
Security Work
Improvements

Design

System Design helps in:
- specifying hardware and system requirements;
- defining overall system architecture (interactions, structures, technologies,...).
Implementation and Support Documentation
Design

Architecture Teams
Security Perceptions
Security Work
Improvements

Code

The work is divided into modules/units and actual coding is started. During this phase, the code should be the developer's main focus.
Real Product
Code

Development Teams
Security Perceptions
Security Work
Improvements

Testing

After code development, it is necessary to test it against the requirements to verify that the product addresses the needs collected during the requirements stage.
Product Validation!
Testing

QA Teams
Security Perceptions
Security Work
Improvements

Deployment

After successful testing, the product can finally be delivered/deployed to the customer.
Live to the world!
Deployment

DevOps Teams
Security Perceptions
Security Work
Improvements


S. Software Dev. Life Cycle

Thank you for your time!


Join the conversation #devseccon
Renato Rodrigues - @simpsOn - //pathonproject..com
Security in the wild
By Renato Rodrigues
Security in the wild
Presentation for DevSecCon 2016, London (https://www.devseccon.com/blog/session/security-in-the-wild-2/).
- 3,042