0% found this document useful (0 votes)
52 views17 pages

Secure Software Development

Uploaded by

Walid Alsharafi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
52 views17 pages

Secure Software Development

Uploaded by

Walid Alsharafi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 17

Secure Software Development

Dr. Asankhaya Sharma


SIT
Nov 23, 2024 2
Secure Software Development
• Consider security throughout the software
development lifecycle
– Requirements
– Design
– Implementation
– Testing
– Deployment

Nov 23, 2024 3


Requirements
• Identify sensitive data and resources
• Define security requirements for them
– Confidentiality
– Integrity
– Availability
• Consider threats and abuse cases that violate
these requirements

Nov 23, 2024 4


Application Generic
Specific • Common Best
• Abuse/Misuse Cases Practices
• Threat Models • Legal
• Attacks • IT
• Assets • Development

Architectural Risk Attack Patterns


Analysis • Historical Risks
• Underlying • Vulnerabilities
Framework
• Ambiguity Analysis
• Fundamental
Weakness

Nov 23, 2024 5


Design
• Apply principles for secure software design
– Prevent, mitigate and detect possible attacks
• Security principles
– Favor Simplicity
– Trust with Reluctance
– Defend in Depth

Nov 23, 2024 6


Nov 23, 2024 7
Implementation
• Apply coding rules that implement secure
design
• Use automated code review techniques to find
potential vulnerabilities components
– Static Analysis
– Symbolic execution

Nov 23, 2024 8


Nov 23, 2024 9
Testing
• Penetration Testing to find potential flaws in
the real system
– Fuzz testing
• Employ attack patterns

Nov 23, 2024 10


Different methodologies
• BSIMM (Building Security In – Maturity Model)
– http://bsimm.com
• Microsoft Security Development Lifecycle
– https://www.microsoft.com/en-us/sdl/
• OpenSAMM Software Assurance Maturity
Model
– http://opensamm.org

Nov 23, 2024 11


Nov 23, 2024 12
Continuous Delivery of Software

Nov 23, 2024 13


Nov 23, 2024 14
Continuous Security
• Requires security automation
• Integrate into CD environment and tools
– Source code management systems
• GitHub, Bitbucket etc.
– Build systems
• Travis CI, Jenkins etc.
• Audit third party component and open-source
library usage

Nov 23, 2024 15


Takeaways
• Security practices should be built in during the
software development process

• Continuous delivery needs continuous security

Nov 23, 2024 16


Thanks!
• Questions?
• Contact
– @asankhaya

Nov 23, 2024 17

You might also like