Specify tools Enforce banned functions Static analysis PowerPoint Presentation
Security Development Lifecycle

• Core security training

  An undetected software requirement defect can cost 50 to 200 times as much to fix when discovered later in the development or post-development process.

• Establish security requirements
• Analyze security & privacy risk
• Define quality gates & bug bars

• Establish design requirements
• Attack surface analysis
• Threat modeling

  One hour of software QA activities can save between 3 and 10 hours of post-release remediation work.

• Specify tools
• Enforce banned functions
• Static analysis

• Dynamic/fuzz testing & analysis
• Verify threat models & attack surface

  A defect that could have been found and fixed during a code review costs 10 to 100 times as much to fix when it is instead discovered later in the development or post-development process.

• Incident response plan
• Final security review

• Execute incident response plan

Goals:
• Protect customers
• Reduce the number of vulnerabilities
• Reduce the severity of vulnerabilities

Principles:
• Prescriptive, practical, proactive
• Eliminate security problems early
• Secure by design
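As an added illustration of the "Enforce banned functions" and "Static analysis" items above, here is a small Python checker of the kind a team might run as a quality gate in the build. It is example code written for this page, not Microsoft's SDL tooling. The banned list is a representative subset of the C functions the SDL banned header discourages, the suggested replacements are this example's own assumption, and the C snippet it scans is constructed.

```python
import re

# Representative subset of the C functions the SDL banned list covers.
# The replacement column is this example's suggestion, not taken from the slide.
BANNED_FUNCTIONS = {
    "strcpy": "strcpy_s / strlcpy",
    "strcat": "strcat_s / strlcat",
    "sprintf": "snprintf / sprintf_s",
    "vsprintf": "vsnprintf",
    "gets": "fgets / gets_s",
    "strncpy": "strcpy_s / strlcpy",  # may leave the destination unterminated
}

# A banned name followed by '(' that is not part of a longer identifier,
# so neither "my_strcpy(" nor "strcpy_s(" is flagged.
_CALL_RE = re.compile(
    r"(?<![A-Za-z0-9_])(" + "|".join(map(re.escape, BANNED_FUNCTIONS)) + r")\s*\("
)
_STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')  # C string literal incl. escaped quotes
_LINE_COMMENT_RE = re.compile(r"//.*")


def _strip_block_comments(line, in_block):
    """Remove /* ... */ comment text from one line; returns (code, still_in_block)."""
    code, i = "", 0
    while i < len(line):
        if in_block:
            end = line.find("*/", i)
            if end == -1:
                break
            in_block, i = False, end + 2
        else:
            start = line.find("/*", i)
            if start == -1:
                code += line[i:]
                break
            code += line[i:start]
            in_block, i = True, start + 2
    return code, in_block


def scan_c_source(source):
    """Return one finding per banned call: line number, function, replacement, source."""
    findings, in_block = [], False
    for lineno, raw in enumerate(source.splitlines(), start=1):
        code, in_block = _strip_block_comments(raw, in_block)
        code = _STRING_RE.sub('""', code)        # ignore names inside string literals
        code = _LINE_COMMENT_RE.sub("", code)    # ignore names inside // comments
        for m in _CALL_RE.finditer(code):
            name = m.group(1)
            findings.append({"line": lineno, "function": name,
                             "replacement": BANNED_FUNCTIONS[name],
                             "source": raw.strip()})
    return findings


def gate_passes(source):
    """Quality gate: the build passes only when no banned call remains."""
    return not scan_c_source(source)


# Constructed sample input for the scanner (not real project code).
SAMPLE_C = r'''
#include <string.h>
#include <stdio.h>

/* Constructed sample for the scanner.
   strcpy(dst, src) mentioned in a comment must not be reported. */
void copy_name(char *dst, size_t dst_len, const char *src) {
    strcpy(dst, src);                      /* banned: no bounds check */
    char buf[64];
    sprintf(buf, "user=%s", src);          // banned: unbounded format
    printf("strcpy(\"literal\")\n");       // inside a string: not reported
    strcpy_s(dst, dst_len, src);           // safe variant: not reported
    my_strcpy(dst, src);                   // different identifier: not reported
}
'''

if __name__ == "__main__":
    for f in scan_c_source(SAMPLE_C):
        print(f"line {f['line']}: banned {f['function']}() -> use {f['replacement']}: {f['source']}")
    print("gate passed" if gate_passes(SAMPLE_C) else "gate FAILED")
```

Running the module reports the `strcpy` and `sprintf` calls with their line numbers and fails the gate; the comment, string literal, safe variant and similarly named helper are left alone. A real build would wire `gate_passes` (or a compiler-level equivalent such as a banned header) into CI so that the gate is enforced rather than advisory.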