Lecture 10

Uploaded by

Dominic Chuchu
Copyright
© All Rights Reserved

Secure Software Development

James Kirimi
Tharaka University
Nov 13, 2024
Secure Software Development
• Consider security throughout the software development lifecycle
– Requirements
– Design
– Implementation
– Testing
– Deployment


Requirements
• Identify sensitive data and resources
• Define security requirements for them
– Confidentiality
– Integrity
– Availability
• Consider threats and abuse cases that violate these requirements


Application Specific
• Abuse/Misuse Cases
• Threat Models
• Attacks
• Assets

Generic
• Common Best Practices
• Legal
• IT
• Development

Architectural Risk Analysis
• Underlying Framework
• Ambiguity Analysis
• Fundamental Weakness

Attack Patterns
• Historical Risks
• Vulnerabilities


Design
• Apply principles for secure software design
– Prevent, mitigate and detect possible attacks
• Security principles
– Favor Simplicity
– Trust with Reluctance
– Defend in Depth

Implementation
• Apply coding rules that implement secure design
• Use automated code review techniques to find potential vulnerabilities in components
– Static Analysis
– Symbolic execution

Testing
• Penetration Testing to find potential flaws in the real system
– Fuzz testing
• Employ attack patterns


Different methodologies
• BSIMM (Building Security In – Maturity Model)
– http://bsimm.com
• Microsoft Security Development Lifecycle
– https://www.microsoft.com/en-us/sdl/
• OpenSAMM (Software Assurance Maturity Model)
– http://opensamm.org

Continuous Delivery of Software

Continuous Security
• Requires security automation
• Integrate into CD environment and tools
– Source code management systems
• GitHub, Bitbucket etc.
– Build systems
• Travis CI, Jenkins etc.
• Audit third party component and open-source library usage
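
One way to automate the third-party component audit as a build step, shown as an added example that is not part of the lecture slides: a Python gate that fails the build when a dependency is unpinned or older than its first fixed version. The manifest, package names and advisory identifiers are constructed placeholders, and the `audit` and `vtuple` helpers are hypothetical names.

```python
import re
import sys

# Constructed manifest (requirements.txt style); package names are made up.
MANIFEST = """\
# web tier
examplelib==1.4.2
samplecrypto==2.0.0
demoparser>=3.1
toolkit-x==0.9.1  # pinned
"""

# Constructed advisory feed: package -> (first fixed version, placeholder id).
ADVISORIES = {
    "samplecrypto": ("2.0.3", "ADVISORY-PLACEHOLDER-1"),
    "toolkit-x": ("0.9.0", "ADVISORY-PLACEHOLDER-2"),
}

LINE = re.compile(r"^([A-Za-z0-9._-]+)\s*(==|>=|<=|~=|>|<)?\s*(\d+(?:\.\d+)*)?$")

def vtuple(version):
    """Turn '2.0.3' into (2, 0, 3) so versions compare numerically."""
    return tuple(int(p) for p in version.split("."))

def audit(manifest, advisories):
    """Return a list of (package, reason) findings; an empty list means pass."""
    findings = []
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            findings.append((line, "unparseable requirement"))
            continue
        name, op, version = m.groups()
        if op != "==" or version is None:
            # A floating range lets the build pull code nobody reviewed.
            findings.append((name, "not pinned to an exact version"))
            continue
        fixed = advisories.get(name.lower())
        if fixed and vtuple(version) < vtuple(fixed[0]):
            findings.append((name, f"{version} < fixed {fixed[0]} ({fixed[1]})"))
    return findings

if __name__ == "__main__":
    results = audit(MANIFEST, ADVISORIES)
    for pkg, reason in results:
        print(f"FAIL {pkg}: {reason}")
    sys.exit(1 if results else 0)  # non-zero exit fails the CI build step
```

Run as a step in the build system, the non-zero exit code stops the pipeline before the flagged component is deployed.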


Takeaways
• Security practices should be built in during the software development process

• Continuous delivery needs continuous security
