This presentation by Martin Knobloch from Sogeti Netherlands focuses on the crucial importance of implementing Security by Design in software development. It covers the key aspects of awareness, education, and collaboration among all stakeholders to create secure applications. Attendees will learn about secure software development practices, the secure development life cycle, and the role of task forces in promoting security standards across an organization. Join forces to ensure your applications meet security expectations and successfully navigate the landscape of current OWASP projects.
OWASP Nederland Implementation of Security by Design Martin Knobloch Sogeti Nederland B.V. martin.knobloch@sogeti.nl +31-(0)6 52 32 76 79 2007-01-11
Presentation Objectives • What is…? • Awareness! • Task Force! • Join Forces! • Education! • Get known! • Finish line?
What is…? • What is…? • Security By Design • A Secure Application • Awareness! • Task Force! • Join Forces! • Education! • Get known! • Finish line?
What is…
• Security by Design
• Secure Software Development Initiative
• Applications designed to be secure
• Design how to develop secure applications
• Everything about designing, developing, testing and implementing secure applications!
What is…
• A Secure Application?
• How to design and develop a secure application?
• How secure does an application need to be?
• How to prove the application meets the customer's expectations and security needs?
50 current OWASP Projects
• 6 Release Quality Projects
• 15 Beta Status Projects
• 15 Alpha Status Projects
What is…? • Secure Development Life Cycle
What is… • A Secure Application… • An application is secure if the application behaves as expected at all times!
Awareness! • What is… ? • Awareness! • Who? • Why? • How? • Task Force! • Join Forces! • Education! • Get known! • Finish line?
Awareness!
• Who?
  • Colleagues
    • Development Staff
      • Architects / Designers
      • Developers
      • Tester
    • Sales / Business
    • Management
  • Customer
    • Architects
    • Administrators
    • Users
…each and everyone!
Awareness!
• Why?
  • Colleagues
    • Development Staff
    • Sales / Business
    • Management
  • Customer
    • Architects
    • Administrators
    • Users
Awareness!
• How?
  • By recognition of their interests, understanding and knowledge of security!
  • Communicate on the level of their knowledge
  • Communicate in the scope of their understanding
  • Communicate in the context of their interests
Task Force! • What is…? • Awareness! • Task Force! • It’s not a one-man-show • Join Forces! • Education! • Get known! • Finish line?
Task Force!
• It’s not a one-man-show
  • Java
  • Microsoft
  • Oracle
  • SAP
  • CMS
  • C++
  • Uniface
  • PHP
  • …
  • Software Control
Task Force! • Proactive Security Strategy (PaSS)
Join Forces! • What is…? • Awareness! • Task Force! • Join Forces! • Who else is busy with security? • Education! • Get known! • Finish line?
Join Forces! • Business Process • Networking • System Administration • Application Administration
Join Forces! • Company wide security initiatives
Educate! • What is…? • Awareness! • Task Force! • Join Forces! • Educate! • Education • Certification • Get known! • Finish line?
Educate!
• Presentations, Courses, Technical meetings
  • To create awareness!
    • About Security Threats
    • About Security Standards
    • About Best Practices
    • About Standards
    • About …
Educate!
• Certifications
  • Get certified
    • CISSP
    • Symantec – SCSP
    • MCSE
    • Cisco
    • ISS
    • RSA
    • OWASP Top Ten certification?!
Get known! • What is…? • Awareness! • Task Force! • Join Forces! • Education! • Get known! • Make yourself heard! • Finish line?
Get known!
• Write!
  • Papers
  • Newsletters
  • Blogs
• Talk!
  • Presentations
  • Meetings
  • Lunch
• Bother!
  • Whenever there is a change!
Get known! Make yourself notorious!
Finish line? • What is…? • Awareness! • Task Force! • Join Forces! • Get known! • Education! • Finish line? • When is the job done?
Finish line? • When is the job done? …NEVER!