Avoiding the Pitfalls of Secure SDLC
Transcript of Avoiding the Pitfalls of Secure SDLC
![Page 1: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/1.jpg)
Avoiding the Pitfalls of Secure SDLC
Succeeding with Automation
![Page 2: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/2.jpg)
Introductions
![Page 3: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/3.jpg)
Status Quo
![Page 4: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/4.jpg)
Chart: relative cost to fix a flaw, based on time of detection (Source: NIST).
Phases (x-axis): Requirements / Architecture; Coding; Integration / Component Testing; System / Acceptance Testing; Production / Post-Release.
Cost multiplier (y-axis ticks): 1x, 6x, 11x, 16x, 21x, 26x, 31x, 36x.
Annotations: "Highest ROI"; "Where we find flaws today"; "Look familiar?"
![Page 5: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/5.jpg)
February 2012 Report from Quocirca
![Page 6: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/6.jpg)
Results of an Open SAMM Assessment
![Page 7: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/7.jpg)
Problems with Verification
![Page 8: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/8.jpg)
Security Requirements
42%
58%
Legend: Not covered by scanners / Can be caught by scanners
![Page 9: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/9.jpg)
Scaling: Self-Serve
![Page 10: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/10.jpg)
Solution: Automated, Criteria-based
Requirements Generation
![Page 11: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/11.jpg)
Context
![Page 12: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/12.jpg)
Matched Against Rules
![Page 13: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/13.jpg)
Generates Threats
![Page 14: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/14.jpg)
Matched Against Rules
![Page 15: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/15.jpg)
Which Have Countermeasures
![Page 16: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/16.jpg)
Apply the context for specific guidelines
![Page 17: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/17.jpg)
And (Optionally) Import into ALM
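The slides above outline a pipeline: capture the application's context, match it against rules, generate the threats those rules imply, attach countermeasures, specialise them into technology-specific guidelines, and optionally push the result into an ALM tool. The following is an added illustration of that pipeline and is not code from the deck or from SD Elements; the rule set, the context tags (`web`, `authentication`, `stores-pii`, and so on), the `tech` key and the ALM ticket shape are all constructed for the example.

```python
"""Criteria-based security requirements generation, as a small rule engine.

Constructed example: the rules, context tags and ticket format are assumptions
made for illustration, not a real product's rule base or export format.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Rule:
    name: str
    criteria: FrozenSet[str]      # every tag must be present in the context
    threat: str                   # what the rule says can go wrong
    countermeasure: str           # the requirement that addresses the threat
    guidelines: Dict[str, str]    # keyed by technology; "generic" is the fallback


# Constructed rule base (assumption: real rule bases are far larger).
RULES: List[Rule] = [
    Rule("web-xss", frozenset({"web"}),
         "Cross-site scripting through untrusted data rendered in pages",
         "Apply context-aware output encoding to all untrusted data",
         {"generic": "Encode data for the HTML, attribute, JS or URL context it is written into.",
          "django": "Keep template autoescaping on; treat every |safe filter or mark_safe() call as a review item."}),
    Rule("sqli", frozenset({"web", "database"}),
         "SQL injection through request data concatenated into queries",
         "Use parameterised queries for every database access",
         {"generic": "Bind user-supplied values as parameters; never build SQL by string concatenation."}),
    Rule("auth-brute-force", frozenset({"authentication"}),
         "Credential guessing against the login endpoint",
         "Rate-limit and lock out repeated failed logins",
         {"generic": "Throttle failed logins per account and per source, and log lockouts for monitoring."}),
    Rule("pii-at-rest", frozenset({"stores-pii"}),
         "Disclosure of personal data from storage or backups",
         "Encrypt personal data at rest and restrict access to it",
         {"generic": "Encrypt PII columns or volumes with managed keys; grant read access by role only."}),
    Rule("card-data", frozenset({"handles-payment-cards"}),
         "Theft of cardholder data from application storage",
         "Do not store full card numbers; tokenise via the payment provider",
         {"generic": "Store only a provider token and the last four digits."}),
]


def generate_requirements(context: dict) -> List[dict]:
    """Match the context against RULES and return threat/countermeasure/guideline triples.

    A rule fires when all of its criteria tags are present; the guideline is
    specialised to context["tech"] when the rule has one, else the generic text.
    """
    tags = set(context.get("tags", []))
    tech = context.get("tech", "generic")
    requirements = []
    for rule in RULES:
        if rule.criteria <= tags:
            requirements.append({
                "rule": rule.name,
                "threat": rule.threat,
                "countermeasure": rule.countermeasure,
                "guideline": rule.guidelines.get(tech, rule.guidelines["generic"]),
                "matched_on": sorted(rule.criteria),
            })
    return requirements


def to_alm_items(app_name: str, requirements: List[dict]) -> List[dict]:
    """Shape each requirement as a work item for an ALM/ticketing import (constructed format)."""
    return [
        {
            "summary": f"[{app_name}] {req['countermeasure']}",
            "description": f"Threat: {req['threat']}\nGuideline: {req['guideline']}",
            "labels": ["security-requirement", req["rule"]],
        }
        for req in requirements
    ]


# Constructed context for a hypothetical application.
EXAMPLE_CONTEXT = {
    "name": "Customer portal",
    "tech": "django",
    "tags": ["web", "authentication", "stores-pii", "database"],
}

if __name__ == "__main__":
    for item in to_alm_items(EXAMPLE_CONTEXT["name"], generate_requirements(EXAMPLE_CONTEXT)):
        print(item["summary"])
        print("   " + item["description"].replace("\n", "\n   "))
```

The tags are the "criteria" in the slide title: the context questionnaire is what sets them, and the same rule base yields a different requirement list for each application. The `tech` lookup is where the generic countermeasure becomes a concrete guideline, which is what makes the output usable by a developer rather than only by a reviewer.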
![Page 18: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/18.jpg)
Program Justification: $4k to find a vuln in production
![Page 19: Avoiding the Pitfalls of Secure SDLC](https://reader036.fdocuments.net/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/19.jpg)
[email protected]@sdelements.com