Secure Software Development Best Practices

 
Secure Software Development
 
Dr. Asankhaya Sharma
SIT
 
20-Sep-24
 
2
 
Secure Software Development
 
Consider security throughout the software
development lifecycle
Requirements
Design
Implementation
Testing
Deployment
 
20-Sep-24
 
3
 
Requirements
 
Identify sensitive data and resources
Define security requirements for them
Confidentiality
Integrity
Availability
Consider threats and abuse cases that violate
these requirements
 
20-Sep-24
 
4
 
20-Sep-24
 
5
 
Design
 
Apply principles for secure software design
Prevent, mitigate and detect possible attacks
Security principles
Favor Simplicity
Trust with Reluctance
Defend in Depth
 
20-Sep-24
 
6
 
20-Sep-24
 
7
 
Implementation
 
Apply coding rules that implement secure
design
Use automated code review techniques to
find potential vulnerabilities components
Static Analysis
Symbolic execution
 
20-Sep-24
 
8
 
20-Sep-24
 
9
 
Testing
 
Penetration Testing to find potential flaws in
the real system
Fuzz testing
Employ attack patterns
 
20-Sep-24
 
10
 
Different methodologies
 
BSIMM (Building Security In – Maturity
Model)
http://bsimm.com
Microsoft Security Development Lifecycle
https://www.microsoft.com/en-us/sdl/
OpenSAMM Software Assurance Maturity
Model
http://opensamm.org
 
20-Sep-24
 
11
 
20-Sep-24
 
12
 
Continuous Delivery of Software
 
20-Sep-24
 
13
 
20-Sep-24
 
14
 
Continuous Security
 
Requires security automation
Integrate into CD environment and tools
Source code management systems
GitHub, Bitbucket etc.
Build systems
Travis CI, Jenkins etc.
Audit third party component and open-source
library usage
 
20-Sep-24
 
15
 
Takeaways
 
Security practices should be built in during the
software development process
 
Continuous delivery needs continuous security
 
20-Sep-24
 
16
 
Thanks!
 
Questions?
Contact
@asankhaya
 
20-Sep-24
 
17
Slide Note
Embed
Share

Embrace secure software development practices by considering security throughout the software development lifecycle. Identify sensitive data, define security requirements, apply secure design principles, implement coding rules, conduct thorough testing including penetration testing, and explore different methodologies such as BSIMM, Microsoft SDL, and OpenSAMM for enhancing software security maturity.

  • Secure Development
  • Software Security
  • Best Practices
  • Security Lifecycle
  • Coding Rules

Uploaded on Sep 20, 2024 | 1 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Secure Software Development Dr. Asankhaya Sharma SIT

  2. 20-Sep-24 2

  3. Secure Software Development Consider security throughout the software development lifecycle Requirements Design Implementation Testing Deployment 20-Sep-24 3

  4. Requirements Identify sensitive data and resources Define security requirements for them Confidentiality Integrity Availability Consider threats and abuse cases that violate these requirements 20-Sep-24 4

  5. Application Specific Generic Common Best Practices Legal IT Development Abuse/Misuse Cases Threat Models Attacks Assets Architectural Risk Analysis Attack Patterns Historical Risks Vulnerabilities Underlying Framework Ambiguity Analysis Fundamental Weakness 20-Sep-24 5

  6. Design Apply principles for secure software design Prevent, mitigate and detect possible attacks Security principles Favor Simplicity Trust with Reluctance Defend in Depth 20-Sep-24 6

  7. 20-Sep-24 7

  8. Implementation Apply coding rules that implement secure design Use automated code review techniques to find potential vulnerabilities components Static Analysis Symbolic execution 20-Sep-24 8

  9. 20-Sep-24 9

  10. Testing Penetration Testing to find potential flaws in the real system Fuzz testing Employ attack patterns 20-Sep-24 10

  11. Different methodologies BSIMM (Building Security In Maturity Model) http://bsimm.com Microsoft Security Development Lifecycle https://www.microsoft.com/en-us/sdl/ OpenSAMM Software Assurance Maturity Model http://opensamm.org 20-Sep-24 11

  12. 20-Sep-24 12

  13. Continuous Delivery of Software 20-Sep-24 13

  14. 20-Sep-24 14

  15. Continuous Security Requires security automation Integrate into CD environment and tools Source code management systems GitHub, Bitbucket etc. Build systems Travis CI, Jenkins etc. Audit third party component and open-source library usage 20-Sep-24 15

  16. Takeaways Security practices should be built in during the software development process Continuous delivery needs continuous security 20-Sep-24 16

  17. Thanks! Questions? Contact @asankhaya 20-Sep-24 17

More Related Content

giItT1WQy@!-/#giItT1WQy@!-/#