Software Security Presentation
Put together by –
Meenakshi Mani
Tanvi Shah
WHAT IS SOFTWARE SECURITY
It's all about building secure software!
WHY?
Software security is a system-wide issue that involves both building in security mechanisms and designing the system to be robust.
Penetration testing
Good for understanding the behavior of your software in a real-time environment
Security breaks
Observe and study them. Recycle knowledge from attacks and exploits back into the organization.
SECURITY DESIGN PRINCIPLES - YES!! WE HAVE PRINCIPLES TO GO BY! =)
All someone needs to do is force failure to take advantage of the system.
Reuse of components
A LITTLE DIVERSION..
Choke Points
Design all the security-critical operations to be funneled through a specific number of choke points.
Monitoring anomalies becomes easier
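An added example (not from the original slides) of the choke-point idea: every security-critical operation is funneled through one check that fails closed on error and writes to one log, so anomalies can be monitored in a single place. The policy table, roles and function names are hypothetical, and the data is constructed.

```python
import functools

AUDIT_LOG = []  # every decision made at the choke point lands here

# Constructed sample policy: role -> operations that role may perform
POLICY = {"admin": {"delete_user", "read_report"}, "analyst": {"read_report"}}

class AccessDenied(Exception):
    pass

def check_access(role, operation):
    """The single choke point: all security-critical calls are decided here."""
    try:
        allowed = operation in POLICY[role]
    except Exception:
        # Fail closed: an error during the check (e.g. unknown role) is a denial.
        allowed = False
    AUDIT_LOG.append((role, operation, allowed))
    return allowed

def guarded(operation):
    """Decorator that funnels a function through check_access()."""
    def wrap(func):
        @functools.wraps(func)
        def inner(role, *args, **kwargs):
            if not check_access(role, operation):
                raise AccessDenied(f"{role!r} may not {operation}")
            return func(role, *args, **kwargs)
        return inner
    return wrap

@guarded("delete_user")
def delete_user(role, username):
    return f"deleted {username}"

@guarded("read_report")
def read_report(role, name):
    return f"contents of {name}"

def denial_counts():
    """Anomaly monitoring reads one log instead of many scattered checks."""
    counts = {}
    for role, _op, allowed in AUDIT_LOG:
        if not allowed:
            counts[role] = counts.get(role, 0) + 1
    return counts
```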
Usability
Encapsulation
Abstraction
Classify them.
Introducing a new parameter: ART - Agility Reduction Tolerance, a decimal number > 0 and < 5.
It is possible to effectively integrate security into agile development as well
DISCLAIMER
There’s a whole LOT of information available if you Google Software Security!
THE SOURCE OF OUR INFORMATION
http://www.cigital.com/papers/download/bsi1-swsec.pdf
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1193213&userType=inst&tag=1
http://www.ibm.com/developerworks/linux/library/s-link.html
http://www.ibm.com/developerworks/library/s-fail.html
http://www.ibm.com/developerworks/library/s-priv.html
http://www.ibm.com/developerworks/library/s-simp.html
http://www.ibm.com/developerworks/library/s-princ5.html
http://ce.sharif.edu/~mirian/Accepted%20Paper/AICCSA08-keramati.pdf
THANK YOU
QUESTIONS?