1 / 1

Specify tools Enforce banned functions Static analysis

Security Development Lifecycle. Core security training. An undetected software requirement defect can cost 50 to 200 times as much to fix when discovered later in the development or post-development process. Establish security requirements Analyze security & privacy risk

qabil
Télécharger la présentation

Specify tools Enforce banned functions Static analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Development Lifecycle • Core security training An undetected software requirement defect can cost 50 to 200 times as much to fix when discovered later in the development or post-development process. • Establish security requirements • Analyze security & privacy risk • Define quality gates & bug bars • Establish design requirements • Attack surface analysis • Threat modeling One hour of software QA activities can save between 3 and 10 hours of post-release remediation work. • Specify tools • Enforce banned functions • Static analysis • Dynamic/fuzz testing & analysis • Verify threat models & attack surface A defect found and fixed during a code review would cost 10 to 100 times as much to fix when discovered later in the development or post-development process. • Incident response plan • Final security review • Execute incident response plan • Goals: • Protect customers • Reduce the number of vulnerabilities • Reduce the severity of vulnerabilities • Principles: • Prescriptive, practical, proactive • Eliminate security problems early • Secure by design

More Related