An End to Testing Ourselves Secure?

Why I’m Here

Ground Rules

This is a presentation discussion

Let other people speak!

15 minute time-boxed discussions, revisit parked

issues at the end

Framing the Problem

Requir

ts / A

rchite

Coding

ration

nt Tes

System

Produc

tion /

t-Rele

11x16x21x26x31x36x

Source: NIST

Highest ROI

Where we find flaws today

Look familiar?

February 2012 Report from Quocirca

Results of an Open SAMM Assessment

Discussion Question 1:Is there a problem with

relying primarily on verification?

Isn’t static analysis a “good enough” solution?

Discussion Question 2:Can we effectively scale

training, threat modeling?

Discussion Question 3:Can we effectively scale security requirements?

Resources

Learning from other process changes

Cultural Challenges to Secure SDLC

• “Incompetent developer” challenge• “Security is special” challenge• Domain-specific vs. domain-agnostic• Fitting a square peg into a round hole

Conclusions?

rohit@sdelements.comTwitter: @rksethi

An End to Testing Ourselves Secure?

Documents

Transcript of An End to Testing Ourselves Secure?

STPP Testing - securetrading.com€™s systems. Secure Trading strongly recommends testing your system’s integration by ... VISA 4111110000000211 4111110000000021 4111110000000401

Safe and Secure Flight Control System Design and Testing€¦ · Safe and Secure Flight Control System Design and Testing X. Wang, E. Xargay, E. Kharisov, and N. Hovakimyan nhovakim.

Save ourselves with unit testing :)

Real world web service testing for web hackers ©2012 Secure Ideas LLC | .

NRMS Benchmark Testing By: Deandrea Williams. MIST Measurement Incorporated Secure Testing ◦Background scoring writing test ◦Provided the most rigorous.

TESTING BEYOND...TESTING BEYOND Leading Technology To be and to remain advanced in technology, Motoplat develops all software on the testers ourselves. Reliability We are committed

Countering GATTACA: Efﬁcient and Secure Testing of Fully ...sprout.ics.uci.edu/pubs/p691-baldi.pdf · Countering GATTACA: Efﬁcient and Secure Testing of Fully-Sequenced Human

Secure Analysis & Testing (Hacking Technique)

Performance Measurement and Security Testing of a Secure ...palms.ee.princeton.edu/system/files/haow-mse-thesis.pdf · Performance Measurement and Security Testing of a Secure Cache

Penetration testing: A proactive approach to secure computing - Eric Vanderburg - Kent State University

Special Report – Secure Storage, Testing and Recycling of Military Equipment and Assets

Thanks for attending. Objective: Familiarize ourselves with the testing procedures involved with PERT administration. P.E.R.T. 2015-2016 TRAINING.

LCA14: LCA14-418: Testing a secure framework

We cant hack ourselves secure

Introductie Sebyde BV | Security Testing | Security Awareness | Secure Development

End to End training and testing facility: Realistic, Flexible, Discreet, Secure and Customer focusedEnd to End training and testing facility: Realistic,

Secure Penetration Testing Operations - Black Hat · Secure Penetration Testing Operations ... Host Security, Penetration Tester . ... validate server & client certificates

So That We Don't Fool Ourselves -- Again: Study Notes On Secure Communication

REHOBOTH CIVIL TESTING LABORATORY PVT LTD · 2019. 4. 8. · INTRODUCTION: We introduce ourselves from M/s.Rehoboth Civil Testing Laboratory Pvt Ltd is a leading Soil Testing & Materials

Ensuring a Secure Testing Environment