Security & the SDLC - Marisa Fagan
Security & The SDLC
Marisa Fagan
Security Project Manager
Errata Security
Who Am I?
• Research on SDLC
• Survey - bit.ly/ErrataSurvey
• Security Project Manager
• Looking Glass
• Hamster
• Ferret
• AxBan
The Survey
• Questions
• Role/Company Size
• Awareness
• Testing
• Methodology
• Rant
• Findings so far
• No one solution for any two companies
Securing the SDLC
• Many different choices
• Decide what you can afford
• Get creative about training
• Short vs. Long term fix
• Make specific changes
• Save time by casting a wide net
• Trust in tools
SDL Light
• Start with an incident
• Requirements: Let the tools guide you
• Design: Use a threat template
• Gauntlet: Run the automated tools
• Analysis: Unit test, master one vuln at a time, be specific
• Sanity Check: Defense in Depth, check your work, Security Expert sign off & release
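The "Analysis" step above (unit test, master one vuln at a time, be specific) is the one that turns a single incident into a repeatable check. The following is an added example, not material from the talk or from Errata Security: a regression-style unit test aimed at exactly one vulnerability class, SQL injection, written against a vulnerable lookup and its parameterized fix. The function names, the in-memory schema, the sample rows and the payload string are all constructed for this illustration.

```python
"""Added example (not from the talk): a security unit test that targets one
vulnerability class at a time, here SQL injection, as the "Analysis" step of
SDL Light suggests. Function names, schema, rows and payload are constructed."""
import sqlite3


def make_db():
    # Constructed in-memory database with two users (illustration only).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "user"), ("admin", "admin")],
    )
    return conn


def lookup_role_vulnerable(conn, username):
    # String-built query: the kind of code an incident points you at.
    rows = conn.execute(
        f"SELECT role FROM users WHERE username = '{username}'"
    ).fetchall()
    return [r[0] for r in rows]


def lookup_role_fixed(conn, username):
    # Parameterized query: the specific fix for this one vulnerability.
    rows = conn.execute(
        "SELECT role FROM users WHERE username = ?", (username,)
    ).fetchall()
    return [r[0] for r in rows]


# Payload the regression test replays. sqlite3.execute() refuses stacked
# statements, so a WHERE-clause tautology is the right probe here.
INJECTION = "x' OR '1'='1"


def regression_test(lookup):
    """Return True when `lookup` resists the payload: a legitimate user still
    resolves, and a non-existent username carrying the payload yields no rows."""
    conn = make_db()
    try:
        legit = lookup(conn, "alice") == ["user"]
        injected = lookup(conn, INJECTION) == []
        return legit and injected
    except sqlite3.Error:
        # A crash on hostile input is a failure too, not a pass.
        return False
    finally:
        conn.close()


if __name__ == "__main__":
    print("vulnerable passes:", regression_test(lookup_role_vulnerable))  # False
    print("fixed passes:", regression_test(lookup_role_fixed))            # True
```

Keeping the test narrow (one payload, one query, one expected empty result) is what makes it cheap to run in the gauntlet on every build and unambiguous when it fails; broaden it only after the first class is mastered.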
Questions? Comments?
• http://www.erratasec.com
[slide: xkcd comic]