1 / 11

Software Security for Digital Ecosystems

Software Security for Digital Ecosystems. Stephen Strohmeier Connor Leonhardt. Overview. Purpose Curren research What is a digital ecosytem A before and after look at penetration testing Why does this need to be changed How is it better Conclusion. Purpose.

holland
Télécharger la présentation

Software Security for Digital Ecosystems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Software Security for Digital Ecosystems Stephen Strohmeier Connor Leonhardt

  2. Overview • Purpose • Curren research • What is a digital ecosytem • A before and after look at penetration testing • Why does this need to be changed • How is it better • Conclusion

  3. Purpose • Penetration testing in its current state is not ideal • We want to revise it to be more robust and useful • Make testing less generic • More secure software • Bugs and flaws can actually be fixed • Using ideas from ecosystems to revise penetration testing

  4. Research • Natural vs. Digital Ecosystem • How can we apply what happens in nature to the digital world • Health and resilience of an ecosystem • Changes within the ecosystem • Current penetration testing

  5. What is a Digital Ecosystem? • An ecosystem is a biological system consisting of all the living organisms in an area and the nonliving components with which they interact with • Digital ecosystem is an emerging field of study so it is still being defined • It can be thought of in terms of a natural ecosystem.

  6. Current Penetration Testing • It is performed at the end of the SDLC • Often given back to the software development teams • Outside → In spproach • “Pretend Security”

  7. Why should this be changed? • Motivate individuals to find flaws • Testing is limited by time constraints • Fixes are expensive resulting in “Band-Aid” fixes instead of cures • i.e. adjusting the firewall ruleset • So the software is more sucure

  8. Revised Penetration Testing • “War game” style testing • Predator/pray • Competition between developer and security teams • Performed throughout the SDLC • Test more than once

  9. How is it better? • Security and development teams work together to properly test products • Actual fixes can be performed • Fixes are cheaper • Not limited by time

  10. Conclusion • Penetration testing needs to be more robust and useful • The current state of testing is full of problems • Our revision is a step in the right direction to where testing needs to be

  11. Questions?

More Related