Secure Software Development Best Practices
Embrace secure software development practices by considering security throughout the software development lifecycle. Identify sensitive data, define security requirements, apply secure design principles, implement coding rules, conduct thorough testing including penetration testing, and explore different methodologies such as BSIMM, Microsoft SDL, and OpenSAMM for enhancing software security maturity.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Secure Software Development Dr. Asankhaya Sharma SIT
Secure Software Development Consider security throughout the software development lifecycle Requirements Design Implementation Testing Deployment 20-Sep-24 3
Requirements Identify sensitive data and resources Define security requirements for them Confidentiality Integrity Availability Consider threats and abuse cases that violate these requirements 20-Sep-24 4
Application Specific Generic Common Best Practices Legal IT Development Abuse/Misuse Cases Threat Models Attacks Assets Architectural Risk Analysis Attack Patterns Historical Risks Vulnerabilities Underlying Framework Ambiguity Analysis Fundamental Weakness 20-Sep-24 5
Design Apply principles for secure software design Prevent, mitigate and detect possible attacks Security principles Favor Simplicity Trust with Reluctance Defend in Depth 20-Sep-24 6
Implementation Apply coding rules that implement secure design Use automated code review techniques to find potential vulnerabilities components Static Analysis Symbolic execution 20-Sep-24 8
Testing Penetration Testing to find potential flaws in the real system Fuzz testing Employ attack patterns 20-Sep-24 10
Different methodologies BSIMM (Building Security In Maturity Model) http://bsimm.com Microsoft Security Development Lifecycle https://www.microsoft.com/en-us/sdl/ OpenSAMM Software Assurance Maturity Model http://opensamm.org 20-Sep-24 11
20-Sep-24 12
Continuous Delivery of Software 20-Sep-24 13
20-Sep-24 14
Continuous Security Requires security automation Integrate into CD environment and tools Source code management systems GitHub, Bitbucket etc. Build systems Travis CI, Jenkins etc. Audit third party component and open-source library usage 20-Sep-24 15
Takeaways Security practices should be built in during the software development process Continuous delivery needs continuous security 20-Sep-24 16
Thanks! Questions? Contact @asankhaya 20-Sep-24 17
