SlideShare a Scribd company logo

Agile Software Security

Download as PPT, PDF
Futurice, profile picture
Futurice

The document discusses security assurance in agile software development, highlighting the importance of aligning security practices with user stories and addressing the risks associated with 'evil user stories.' It emphasizes the need for integrating security measures throughout the software development lifecycle, including code analysis, threat modeling, and penetration testing. The guide advocates for a balanced approach, suggesting that security should be developed organically and collaboratively within agile teams.

Business
1 of 30
Downloaded 24 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Agile Software Security Olli Ahonen
Outline Security assurance Misaligned Aligned Evil user stories Microsoft
Outline Security assurance Misaligned Aligned Evil user stories Microsoft
Security assurance Design principles Static code analysis External reviews Penetration testing ...
“ Good old heavyweight assurance processes” K. Beznosov and P. Kruchten
Outline Security assurance Misaligned Aligned Evil user stories Microsoft
Root causes
Working software over comprehensive documentation
Big Up-Front Design
Deliver working software frequently
Deliver working software frequently Collective ownership of code
Deliver working software frequently Collective ownership of code Back to square one + =
3rd party Independence Objectivity Credibility
Misaligned External reviews Analysis and validation Test depth analysis Manual security testing
Root causes
Outline Security assurance Misaligned Aligned Evil user stories Microsoft
Natural match Internal reviews Build security in
Works anyway Architecture and design principles High-level languages & run-time environments Change tracking
Automatic Static code analysis Unit testing System testing
Outline Security assurance Misaligned Aligned Evil user stories Microsoft
Evil user stories From user stories “ How can this functionality be misused?” Build security in As an employee, I can search for other employees by their last name As an employee, I can alter the database by inserting an SQL search string
Disconnected stories “ User adds “&debug=true” to URL on any page, and receives debug information that discloses system configuration details.”
Missing stories Incomplete Inexpressible
Outline Security assurance Misaligned Aligned Evil user stories Microsoft
Security Development Lifecycle Attack surface analysis Threat modeling Cryptography review Response plan ...
SDL/ Agile
SDL/ Agile
SDL/ Agile
SDL/ Agile
Summary Don’t force it Nourish synergy Aim for secure enough

More Related Content

PPTX
Using Extended Events
SQL Server Sri Lanka User Group
 
PPTX
Sql injection
Tech Bikram
 
DOC
A review of the features/tutorialoutlet
Repton
 
PPTX
Visual Studio 2010 Ultimate
Clint Edmonson
 
PPTX
Sql injections (Basic bypass authentication)
Ravindra Singh Rathore
 
PPTX
SQL Server Security and Intrusion Prevention
Gabriel Villa
 
PDF
TLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and Delivery
Anna Royzman
 
PDF
Markus Paasovaara: Face recognition
Futurice
 
Using Extended Events
SQL Server Sri Lanka User Group
 
Sql injection
Tech Bikram
 
A review of the features/tutorialoutlet
Repton
 
Visual Studio 2010 Ultimate
Clint Edmonson
 
Sql injections (Basic bypass authentication)
Ravindra Singh Rathore
 
SQL Server Security and Intrusion Prevention
Gabriel Villa
 
TLC2018 Tanya Kravtsov: 10 Steps to CI, Testing and Delivery
Anna Royzman
 
Markus Paasovaara: Face recognition
Futurice
 

Similar to Agile Software Security (20)

PPT
Agnitio: its static analysis, but not as we know it
Security BSides London
 
PPTX
Application Security at DevOps Speed and Portfolio Scale
Jeff Williams
 
PDF
Agile Software Architecture
Chris F Carroll
 
PPT
4.Security Assessment And Testing
phanleson
 
PDF
Devops security-An Insight into Secure-SDLC
Suman Sourav
 
PDF
Software Analytics: Data Analytics for Software Engineering and Security
Tao Xie
 
PPTX
Security Best Practices
Clint Edmonson
 
PDF
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
 
PPT
Software Security Testing
ankitmehta21
 
PDF
How to Make a Unicorn: Finding Cybersecurity Talent in the Real World (Dallas)
Franklin Mosley
 
PPTX
Overcoming Security Challenges in DevOps
Alert Logic
 
PPT
AMI Security 101 - Smart Grid Security East 2011
dma1965
 
PDF
What Every Developer And Tester Should Know About Software Security
Anne Oikarinen
 
PPT
香港六合彩
baoyin
 
PDF
Shaloo Verma
Shaloo Verma
 
PPT
Secure SDLC for Software
Shreeraj Shah
 
PDF
[OPD 2019] Threat modeling at scale
OWASP
 
PPTX
Build a complete security operations and compliance program using a graph dat...
Erkang Zheng
 
PPTX
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps for Enterprise Systems
 
PDF
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps.com
 
Agnitio: its static analysis, but not as we know it
Security BSides London
 
Application Security at DevOps Speed and Portfolio Scale
Jeff Williams
 
Agile Software Architecture
Chris F Carroll
 
4.Security Assessment And Testing
phanleson
 
Devops security-An Insight into Secure-SDLC
Suman Sourav
 
Software Analytics: Data Analytics for Software Engineering and Security
Tao Xie
 
Security Best Practices
Clint Edmonson
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
 
Software Security Testing
ankitmehta21
 
How to Make a Unicorn: Finding Cybersecurity Talent in the Real World (Dallas)
Franklin Mosley
 
Overcoming Security Challenges in DevOps
Alert Logic
 
AMI Security 101 - Smart Grid Security East 2011
dma1965
 
What Every Developer And Tester Should Know About Software Security
Anne Oikarinen
 
香港六合彩
baoyin
 
Shaloo Verma
Shaloo Verma
 
Secure SDLC for Software
Shreeraj Shah
 
[OPD 2019] Threat modeling at scale
OWASP
 
Build a complete security operations and compliance program using a graph dat...
Erkang Zheng
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps for Enterprise Systems
 
Leverage DevOps & Agile Development to Transform Your Application Testing Pro...
DevOps.com
 
Ad

More from Futurice (10)

PDF
Future of Mobility - Futurice Stockholm
Futurice
 
PDF
Future of Mobility - Futurice Stockholm
Futurice
 
PDF
Fantastic Problems and Where to Find Them: Daryl Weir
Futurice
 
PDF
Pepperoni – A framework for spicing up your mobile apps with React Native
Futurice
 
PDF
Pepperoni 2.0 - How to spice up your mobile apps
Futurice
 
PDF
Reark : a Reference Architecture for Android using RxJava
Futurice
 
PDF
Futurice Retail Trends 2020
Futurice
 
PPTX
Winning hearts with data driven services
Futurice
 
PDF
Testing Without Waste - Automatic Testing
Futurice
 
PPTX
Project thinking and digital service business
Futurice
 
Future of Mobility - Futurice Stockholm
Futurice
 
Future of Mobility - Futurice Stockholm
Futurice
 
Fantastic Problems and Where to Find Them: Daryl Weir
Futurice
 
Pepperoni – A framework for spicing up your mobile apps with React Native
Futurice
 
Pepperoni 2.0 - How to spice up your mobile apps
Futurice
 
Reark : a Reference Architecture for Android using RxJava
Futurice
 
Futurice Retail Trends 2020
Futurice
 
Winning hearts with data driven services
Futurice
 
Testing Without Waste - Automatic Testing
Futurice
 
Project thinking and digital service business
Futurice
 
Ad

Recently uploaded (20)

PPTX
svnfcksanfskjcsnvvjknsnvsdscnsncxasxa saccacxsax
ergvedfvef sdvsfvdvd
 
PPTX
Belch_12e_PPT_Ch18_Accessible_university.pptx
Haitham327103
 
PPTX
5 Stages of group development guide.pptx
keerthanashanmugam201
 
PDF
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
DOCX
unit 1 COST ACCOUNTING AND COST SHEET
MANJU N
 
PDF
Outsourced Audit & Assurance in USA Why Globus Finanza is Your Trusted Choice
Globus finanza
 
PDF
Digital Marketing & E-commerce Certificate Glossary.pdf.................
RoobaV2
 
PDF
Chapter 5_Foreign Exchange Market in .pdf
sophatphoniu
 
PDF
IFRS Notes in your pocket for study all the time
jjj81507
 
PDF
Katrina Stoneking: Shaking Up the Alcohol Beverage Industry
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
PDF
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
PDF
NISM Series V-A MFD Workbook v December 2024.khhhjtgvwevoypdnew one must use ...
RoopaSherkar
 
PDF
BsN 7th Sem Course GridNNNNNNNN CCN.pdf
ZAMANYousufzai1
 
PDF
Solara Labs: Empowering Health through Innovative Nutraceutical Solutions
The lifescience magaizne
 
PDF
Laughter Yoga Basic Learning Workshop Manual
yeechensee
 
PPTX
2025 Product Deck V1.0.pptxCATALOGTCLCIA
AndreaRominaHoyosSur2
 
PPTX
New Microsoft PowerPoint Presentation - Copy.pptx
itsmesumedh96
 
PPT
Chapter four Project-Preparation material
argachewbochena1
 
PPTX
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
PDF
Elevate Cleaning Efficiency Using Tallfly Hair Remover Roller Factory Expertise
farsookmon97766765
 
svnfcksanfskjcsnvvjknsnvsdscnsncxasxa saccacxsax
ergvedfvef sdvsfvdvd
 
Belch_12e_PPT_Ch18_Accessible_university.pptx
Haitham327103
 
5 Stages of group development guide.pptx
keerthanashanmugam201
 
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
unit 1 COST ACCOUNTING AND COST SHEET
MANJU N
 
Outsourced Audit & Assurance in USA Why Globus Finanza is Your Trusted Choice
Globus finanza
 
Digital Marketing & E-commerce Certificate Glossary.pdf.................
RoobaV2
 
Chapter 5_Foreign Exchange Market in .pdf
sophatphoniu
 
IFRS Notes in your pocket for study all the time
jjj81507
 
Katrina Stoneking: Shaking Up the Alcohol Beverage Industry
CIO WOMEN MAGAIZNE CIO WOMEN MAGAIZNE
 
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
NISM Series V-A MFD Workbook v December 2024.khhhjtgvwevoypdnew one must use ...
RoopaSherkar
 
BsN 7th Sem Course GridNNNNNNNN CCN.pdf
ZAMANYousufzai1
 
Solara Labs: Empowering Health through Innovative Nutraceutical Solutions
The lifescience magaizne
 
Laughter Yoga Basic Learning Workshop Manual
yeechensee
 
2025 Product Deck V1.0.pptxCATALOGTCLCIA
AndreaRominaHoyosSur2
 
New Microsoft PowerPoint Presentation - Copy.pptx
itsmesumedh96
 
Chapter four Project-Preparation material
argachewbochena1
 
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
Elevate Cleaning Efficiency Using Tallfly Hair Remover Roller Factory Expertise
farsookmon97766765
 

Agile Software Security