[CONFidence 2016] Glenn ten Cate - OWASP-SKF Making the web secure by design, become empowered, be THE Neo
0 likes88 views
The document outlines the importance of software security within the software development life cycle (SDLC) and emphasizes individual responsibility in coding practices. It discusses various levels of application security vulnerability defenses and mentions resources for secure programming. The goal is to enhance awareness of security risks and encourage developers to adopt best practices for robust software security.
[CONFidence 2016] Glenn ten Cate - OWASP-SKF Making the web secure by design, become empowered, be THE Neo
- 1. 1
- 2. Glenn ten Cate Twitter: @FooBar_testing_ Riccardo ten Cate Twitter: @RiieCco 2
- 3. Agenda • Why? • Software (AND Security) development life cycle 3 Developer, you are the one 3
- 4. Agenda • Why? • Software (AND Security) development life cycle 4 Hackers and automated ownage 4
- 5. Agenda • Why? • Software (AND Security) development life cycle 5 Coding mistakes, déjà vu. 5
- 6. Agenda • Why? • Software (AND Security) development life cycle 6 Barely hanging on … 6
- 7. Agenda • Why? • Software (AND Security) development life cycle 7 But there is always an option! 7
- 8. Agenda • Why? • Software (AND Security) development life cycle 8 There are ways to learn! 8
- 9. • Worldwide not-for-profit charitable. • Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. 9
- 10. Agenda • Why? • Software (AND Security) development life cycle 10 Be responsible for your code. 10
- 11. Verify your code • ASVS lvl1 Opportunistic It adequately defends against application security vulnerabilities that are easy to discover. • ASVS lvl2 Standard It adequately defends against prevalent application security vulnerabilities whose existence poses moderate-to-serious risk. • ASVS lvl3 Advanced It adequately defends against all advanced application security vulnerabilities, and also demonstrates principles of good security design. 11
- 12. What is S.K.F • Guide to secure programming By adapting your design to security, not securing your design • Security awareness It informs you about threats even before you wrote a single line of code. • Clear and transparent Provides information applicable for your specific needs on the spot. 12
- 13. Agenda • Why? • Software (AND Security) development life cycle 13 And now the blind dev can see. 13
- 14. Demo 14
- 15. Agenda • Why? • Software (AND Security) development life cycle 15 You know this, you are ready. 15
- 16. SDLC MANUAL • OWASP-SKF • Software Development Life Cycle • Code review • SAST • DAST 16
- 17. SDLC CI • OWASP-SKF • Software Development Life Cycle • Travis CI • Coveralls CI • Scrutinizer CI 17
- 18. Agenda • Why? • Software (AND Security) development life cycle 18 GitHub • https://github.com/blabla1337/skf-flask 18
- 19. Agenda • Why? • Software (AND Security) development life cycle 19 You have the skills … 19
- 20. Agenda • Why? • Software (AND Security) development life cycle 20 … you are the one. 20
- 21. Getting involved? • OWASP https://www.owasp.org/index.php/OWASP_Security_Knowledge_Fr amework • Website https://secureby.design Together we can make it big, strong and helpful! 21
- 22. Agenda • Why? • Software (AND Security) development life cycle 22 You are only as strong as the weakest developer in your team. 22
- 23. Questions? 23