Page 1: Security & the SDLC - Marisa Fagan

Security & The SDLC

Marisa Fagan

Security Project Manager

Errata Security

Page 2

Who Am I?

• Research on SDLC

• Survey - bit.ly/ErrataSurvey

• Security Project Manager

• Looking Glass

• Hamster

• Ferret

• AxBan

Page 3

The Survey

• Questions

• Role/Company Size

• Awareness

• Testing

• Methodology

• Rant

• Findings so far

• No one solution for any two companies

Page 4

Securing the SDLC

• Many different choices

• Decide what you can afford

• Get creative about training

• Short vs. Long term fix

• Make specific changes

• Save time by swinging a wide net

• Trust in tools

Page 5

SDL Light

• Start with an incident

• Requirements: Let the tools guide you

• Design: Use a threat template

• Gauntlet: Run the automated tools

• Analysis: Unit test, master one vuln at a time, be specific

• Sanity Check: Defense in Depth, check your work, Security Expert sign off & release
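Added example, not from the talk or from Errata Security: what the "Analysis: unit test, master one vuln at a time, be specific" step looks like in practice. One vulnerability class (path traversal) gets one small guard and a set of named, specific regression tests, including the classic prefix-check mistake where `/srv/app/uploads2` passes a naive `startswith("/srv/app/uploads")` test. The base directory, file names and the `safe_join` / `is_rejected` helpers are all constructed for this example.

```python
"""Security unit tests focused on a single vulnerability class: path traversal.

Constructed example. The check is purely lexical (it normalises '..' segments and
anchors the result under the base directory); a deployment that serves real files
should additionally resolve symlinks (os.path.realpath) before trusting the result.
"""
import posixpath
import unittest

BASE_DIR = "/srv/app/uploads"  # hypothetical upload root for the example


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the base directory."""


def safe_join(base_dir, user_path):
    """Join user_path onto base_dir, refusing anything that escapes base_dir."""
    if "\x00" in user_path:
        # A NUL byte truncates the path in C-level APIs; reject it outright.
        raise PathTraversalError("NUL byte in path")
    base = posixpath.normpath(base_dir)
    # Leading slashes are stripped so an absolute path is treated as relative to base.
    candidate = posixpath.normpath(posixpath.join(base, user_path.lstrip("/")))
    # The trailing "/" matters: without it "/srv/app/uploads2/x" would pass the check.
    if candidate != base and not candidate.startswith(base + "/"):
        raise PathTraversalError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_rejected(base_dir, user_path):
    """True if safe_join refuses the path; used by the tests below."""
    try:
        safe_join(base_dir, user_path)
    except PathTraversalError:
        return True
    return False


class PathTraversalTests(unittest.TestCase):
    """One vuln, specific cases: each test names the exact input pattern it covers."""

    def test_plain_filename_is_allowed(self):
        self.assertEqual(safe_join(BASE_DIR, "report.pdf"), "/srv/app/uploads/report.pdf")

    def test_dotdot_that_stays_inside_base_is_allowed(self):
        self.assertEqual(safe_join(BASE_DIR, "sub/../report.pdf"), "/srv/app/uploads/report.pdf")

    def test_absolute_path_is_anchored_under_base(self):
        self.assertEqual(safe_join(BASE_DIR, "/report.pdf"), "/srv/app/uploads/report.pdf")

    def test_dotdot_escape_is_rejected(self):
        self.assertTrue(is_rejected(BASE_DIR, "../etc/passwd"))

    def test_bare_dotdot_is_rejected(self):
        self.assertTrue(is_rejected(BASE_DIR, ".."))

    def test_sibling_directory_with_same_prefix_is_rejected(self):
        self.assertTrue(is_rejected(BASE_DIR, "../uploads2/x"))

    def test_nested_dotdot_escape_is_rejected(self):
        self.assertTrue(is_rejected(BASE_DIR, "a/../../b"))

    def test_nul_byte_is_rejected(self):
        self.assertTrue(is_rejected(BASE_DIR, "x\x00.txt"))


if __name__ == "__main__":
    unittest.main()
```

Each test is deliberately narrow, so when one fails the failure message already says which traversal pattern regressed; that is the "be specific" part. Tests of this shape run in the same gauntlet as the automated tools, so a fix stays fixed across releases.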

Page 6

Questions? Comments?

• http://www.erratasec.com

[xkcd comic]