Renato Rodrigues - Security in the wild


Transcript of Renato Rodrigues - Security in the wild

Security in the wild

By Renato Rodrigues

Join the conversation #devseccon

Who Am I

Renato Rodrigues - - @simpsOn //pathonproject..com

Agenda

- The world as we know it
- Facing the world
- Survival mode

The world as we know it

- Implementation of new features
- New technology hype(s)

- Distorted notion of time
- New issues arise every day

Security is not part of the process!

Facing the world

Software Dev. Life Cycle

Requirements

Who is going to use the system?

How will they use the system?

What data should be input into the system?

What data should be output by the system?

Requirement Specification document

Requirements: Product Team

Security Perceptions

Security Work

Improvements

Design

System Design helps in:

- specifying hardware and system requirements;

- defining overall system architecture (interactions, structures, technologies,...).

Implementation and Support Documentation

Design: Architecture Teams

Security Perceptions

Security Work

Improvements

Code

The work is divided into modules/units and actual coding is started. During this phase, the code should be the developer's main focus.

Real Product

Code: Development Teams

Security Perceptions

Security Work

Improvements

Testing

After code development, it is necessary to test it against the requirements to verify that the product addresses the needs collected during the requirements stage.

Product Validation!

Testing: QA Teams

Security Perceptions

Security Work

Improvements

Deployment

After successful testing, the product can finally be delivered/deployed to the customer.

Live to the world!

Deployment: DevOps Teams

Security Perceptions

Security Work

Improvements

S. Software Dev. Life Cycle

Thank you for your time!
