
Basic of SSDLC


Software Security Development Life Cycle



  1. Secure Software Development Life Cycle (SSDLC), Chitpong Wuttanan
  2. No security process, or security is the last priority
  3. Microsoft Security Development Lifecycle: http://www.microsoft.com/security/sdl/discover/default.aspx
  4. When you develop software, at which step do you do security?
  5. Goals of Basic Security
       • C = Confidentiality
  6. I = Integrity
  7. A = Availability
  8. What must a developer know?
       • What a threat is
           • (www.owasp.org)
       • Cheat sheets and prevention cheat sheets
           • Search on Google
       • How to hack and protect
           • (www.zone-h.com, www.xssed.com)
       • Security benchmarks for tools
           • (www.cisecurity.org)
  9. Penetration test drive
       • False negative
           • Do correct, software responds incorrectly
       • False positive
           • Do incorrect, software responds correctly
  10. Start to improve security
       • Log
           • Keep a log of abnormal events
       • Requirement
           • What to secure in the software, and where
       • Know everything in the environment
           • Input data
  11. Output data
  12. "We wouldn't have to spend so much time and effort on network security if we didn't have such bad software security" Bruce Schneier (Security Guru). "Security isn't just an IT issue. It's everyone's business."
