SlideShare a Scribd company logo

Meetup code security

Download as PPSX, PDF
U
UttamParmar7

The document discusses the importance of security in the software development lifecycle, highlighting issues such as data breaches and crypto theft. It emphasizes the need for secure coding practices, automated testing tools, and design reviews to protect against supply chain attacks. Additionally, it mentions various tools and frameworks like Log4j and Snyk that can help ensure code security from conception to production.

Software
Related topics:
Insights on Software Development Information Security
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
Welcome
• Data breaches • LinkedIn : 165 million users • Facebook : 553 million users • New problem • Crypto theft • NFT theft The Loss
• Code is conceived • Design ( checklist or if tools is available ) • Cloud Architecture and Design reviews (OWASP checklists) • Code is born • IDE tools • Signing your code • Code becomes mature • Testing tools (OSS-Fuzz) • Testing checklist • Code is exposed to the world • Protect from Supply chain attacks (https://www.sigstore.dev/) • Make sure dependencies are secure (Snyk, Sonatype) Life of Code Design Coding Testing Production
Recently … • News and Article:- • https://bit.ly/3L914NR • https://zd.net/3gshHFW • Log4j is popular java logging framework. • 60 to 65% Applications use log4j internal or external. • Issue CVE code:-CVE-2021-45105 • Insecure Log4j code • Secure Log4j code
The Loss
Code is conceived • Design and Architecture review • Consider cloud and non-cloud deployments • Review major security aspects • Identity access management • Encryption • Threat monitoring • Data privacy & compliance • Automated security testing Life of Code Design
Code is born • Use automated code review tools • Follow Security Guidelines • Sign your code • Tools: • Sonar for Java – Angular • Security IntelliSense and .NET Security Guard for C# • Branch protection in GitHub and Azure Life of Code Coding
 Microsoft security rules  .NET security tools  Security IntelliSense  .NET Security Guard .NET Security Features
 Sonar dashboards  Github integration Dashboards and Github integrations
 Protection against developer identity theft  What does signed code looks like  How you can sign your code Code Signing
 Security starts at code  Embed security from early stages. Right from Design.  Every developer should use automated tools  Integrate code security checks Take aways
Questions and Snacks

More Related Content

PDF
Security Scanning Overview - Tetiana Chupryna (RUS) | Ruby Meditation 26
Ruby Meditation
 
PPTX
[OWASP Poland Day] Saving private token
OWASP
 
PPTX
The Ransomware Threat: Tracking the Digitial Footprints
k3vb0t
 
PDF
Ethical Hacking
Priyanka Aash
 
PPTX
Kali linux
afraalfalasii
 
PPTX
Path of Cyber Security
Satria Ady Pradana
 
PDF
Malware cryptomining uploadv3
Setia Juli Irzal Ismail
 
PPTX
Security in the Age of Open Source
Black Duck by Synopsys
 
Security Scanning Overview - Tetiana Chupryna (RUS) | Ruby Meditation 26
Ruby Meditation
 
[OWASP Poland Day] Saving private token
OWASP
 
The Ransomware Threat: Tracking the Digitial Footprints
k3vb0t
 
Ethical Hacking
Priyanka Aash
 
Kali linux
afraalfalasii
 
Path of Cyber Security
Satria Ady Pradana
 
Malware cryptomining uploadv3
Setia Juli Irzal Ismail
 
Security in the Age of Open Source
Black Duck by Synopsys
 

What's hot (15)

PDF
Aliaksei Skobeleu "Taking Control Over Code Metrics"
LogeekNightUkraine
 
PPTX
The difference between Penetration Testing and Red Team
Nimrod Levy
 
PDF
Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014
Michael Boelen
 
PDF
2014-04-28 cloud security frameworks and enforcement
Shawn Wells
 
PPTX
Kalilinux
almuhairi2000
 
PPTX
Secure application deployment in Apache CloudStack
Tim Mackey
 
PPTX
Secure application deployment in the age of continuous delivery
Tim Mackey
 
PPTX
Rise of software supply chain attack
Yadnyawalkya Tale
 
PDF
Android Tamer (Anant Shrivastava)
ClubHack
 
PDF
Securing Microservices with MicroProfile and Auth0v2
Payara
 
PDF
Python meetup
Jeffrey Clark
 
ODP
Collaboration Between Infosec Community and CERT Teams : Project Sonar case
Valdes Nzalli
 
PPT
cryptography deepan fav subject
deepan v
 
PDF
Securing Serverless by Breaking in
C4Media
 
PDF
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Edureka!
 
Aliaksei Skobeleu "Taking Control Over Code Metrics"
LogeekNightUkraine
 
The difference between Penetration Testing and Red Team
Nimrod Levy
 
Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014
Michael Boelen
 
2014-04-28 cloud security frameworks and enforcement
Shawn Wells
 
Kalilinux
almuhairi2000
 
Secure application deployment in Apache CloudStack
Tim Mackey
 
Secure application deployment in the age of continuous delivery
Tim Mackey
 
Rise of software supply chain attack
Yadnyawalkya Tale
 
Android Tamer (Anant Shrivastava)
ClubHack
 
Securing Microservices with MicroProfile and Auth0v2
Payara
 
Python meetup
Jeffrey Clark
 
Collaboration Between Infosec Community and CERT Teams : Project Sonar case
Valdes Nzalli
 
cryptography deepan fav subject
deepan v
 
Securing Serverless by Breaking in
C4Media
 
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Edureka!
 
Ad

Similar to Meetup code security (20)

PDF
Agile Application Security Enabling Security in a Continuous Delivery Pipelin...
piggsadamiso
 
PDF
Secure Software Ecosystem Teqnation 2024
Soroosh Khodami
 
PPTX
Code Review Cybersecurity: Comprehensive Guide to Secure Code Evaluation & B...
hamdi71
 
PDF
"CERT Secure Coding Standards" by Dr. Mark Sherman
Rinaldi Rampen
 
PDF
ProdSec: A Technical Approach
Jeremy Brown
 
PDF
Webinar - Developers Are Your Greatest AppSec Resource
Synopsys Software Integrity Group
 
PPTX
Santos-Ch10_Final(1).pptx
MuraliDorai1
 
PDF
VSLive Las Vegas - The Shift to Rugged DevOps
Rene Van Osnabrugge
 
PPTX
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
PPTX
Securing Underprotected APIs - Deja vu Security
Deja vu Security
 
PPTX
HouSecCon 2019: Offensive Security - Starting from Scratch
Spencer Koch
 
PPTX
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Security Innovation
 
PDF
AppSec in an Agile World
David Lindner
 
PDF
VeraCode State of software security report volume5 2013
Cristiano Caetano
 
PDF
Security Checkpoints in Agile SDLC
Rahul Raghavan
 
PPTX
Security within Scaled Agile
Mark Underwood
 
PPT
Code Quality - Security
sedukull
 
PPTX
Sogeti Java Meetup - How to ensure your code is maintainable
Peter Rombouts
 
ODP
Making security-agile matt-tesauro
Matt Tesauro
 
PDF
Systems se
Franco Bressan
 
Agile Application Security Enabling Security in a Continuous Delivery Pipelin...
piggsadamiso
 
Secure Software Ecosystem Teqnation 2024
Soroosh Khodami
 
Code Review Cybersecurity: Comprehensive Guide to Secure Code Evaluation & B...
hamdi71
 
"CERT Secure Coding Standards" by Dr. Mark Sherman
Rinaldi Rampen
 
ProdSec: A Technical Approach
Jeremy Brown
 
Webinar - Developers Are Your Greatest AppSec Resource
Synopsys Software Integrity Group
 
Santos-Ch10_Final(1).pptx
MuraliDorai1
 
VSLive Las Vegas - The Shift to Rugged DevOps
Rene Van Osnabrugge
 
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
Securing Underprotected APIs - Deja vu Security
Deja vu Security
 
HouSecCon 2019: Offensive Security - Starting from Scratch
Spencer Koch
 
Modernizing, Migrating & Mitigating - Moving to Modern Cloud & API Web Apps W...
Security Innovation
 
AppSec in an Agile World
David Lindner
 
VeraCode State of software security report volume5 2013
Cristiano Caetano
 
Security Checkpoints in Agile SDLC
Rahul Raghavan
 
Security within Scaled Agile
Mark Underwood
 
Code Quality - Security
sedukull
 
Sogeti Java Meetup - How to ensure your code is maintainable
Peter Rombouts
 
Making security-agile matt-tesauro
Matt Tesauro
 
Systems se
Franco Bressan
 
Ad

Recently uploaded (20)

PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PPTX
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
PDF
Digital Systems & Binary Numbers (comprehensive )
fyfhqfhtv2
 
PDF
AutoCAD Professional Crack 2025 With License Key
youngle786g
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PDF
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
PDF
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
PDF
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
PDF
iTop VPN 6.5.0 Crack + License Key 2025 (Premium Version)
youngle786g
 
PDF
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
PDF
17 Powerful Integrations Your Next-Gen MLM Software Needs
ventaforcemlmsoftwar
 
PDF
AI-Powered Threat Modeling: The Future of Cybersecurity by Arun Kumar Elengov...
Arun Kumar Elengovan
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PPTX
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PPTX
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PDF
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
Digital Systems & Binary Numbers (comprehensive )
fyfhqfhtv2
 
AutoCAD Professional Crack 2025 With License Key
youngle786g
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Designing Intelligence for the Shop Floor.pdf
nikglvk
 
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
Cost to Outsource Software Development in 2025
Omega Incorporations- Best Software Development Company
 
iTop VPN 6.5.0 Crack + License Key 2025 (Premium Version)
youngle786g
 
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
17 Powerful Integrations Your Next-Gen MLM Software Needs
ventaforcemlmsoftwar
 
AI-Powered Threat Modeling: The Future of Cybersecurity by Arun Kumar Elengov...
Arun Kumar Elengovan
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
Monitoring Stack: Grafana, Loki & Promtail
GhanshyamSwami3
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Product Update: Alluxio AI 3.7 Now with Sub-Millisecond Latency
Alluxio, Inc.
 

Meetup code security

  • 2. • Data breaches • LinkedIn : 165 million users • Facebook : 553 million users • New problem • Crypto theft • NFT theft The Loss
  • 3. • Code is conceived • Design ( checklist or if tools is available ) • Cloud Architecture and Design reviews (OWASP checklists) • Code is born • IDE tools • Signing your code • Code becomes mature • Testing tools (OSS-Fuzz) • Testing checklist • Code is exposed to the world • Protect from Supply chain attacks (https://www.sigstore.dev/) • Make sure dependencies are secure (Snyk, Sonatype) Life of Code Design Coding Testing Production
  • 4. Recently … • News and Article:- • https://bit.ly/3L914NR • https://zd.net/3gshHFW • Log4j is popular java logging framework. • 60 to 65% Applications use log4j internal or external. • Issue CVE code:-CVE-2021-45105 • Insecure Log4j code • Secure Log4j code
  • 6. Code is conceived • Design and Architecture review • Consider cloud and non-cloud deployments • Review major security aspects • Identity access management • Encryption • Threat monitoring • Data privacy & compliance • Automated security testing Life of Code Design
  • 7. Code is born • Use automated code review tools • Follow Security Guidelines • Sign your code • Tools: • Sonar for Java – Angular • Security IntelliSense and .NET Security Guard for C# • Branch protection in GitHub and Azure Life of Code Coding
  • 8.  Microsoft security rules  .NET security tools  Security IntelliSense  .NET Security Guard .NET Security Features
  • 9.  Sonar dashboards  Github integration Dashboards and Github integrations
  • 10.  Protection against developer identity theft  What does signed code looks like  How you can sign your code Code Signing
  • 11.  Security starts at code  Embed security from early stages. Right from Design.  Every developer should use automated tools  Integrate code security checks Take aways

Editor's Notes

  • #3: Good morning everyone!! Hope you all are doing great!! As we all know that we are gathered here to collect somethings about Software Testing. Amm, wondering what Software Testing is? You have reached a right place where you can get all of your answers. Hello, hello, I am Taruna Chudasama with my colleague Falguni Patel from iFour technolab to deliver you a Seminar on Software Testing. so let’s get started. Here you can see the contents that we are going to cover today in this session. First of all, introduction to Software Testing, amm, it will contain the basic idea of what Software Testing is all about. Also we will discuss about the benefits, challenges, and future Software Testing. Also, you all will be given a chance to ask us the questions in the end. So, let’s start with what Software Testing is, with an example.
  • #4: Good morning everyone!! Hope you all are doing great!! As we all know that we are gathered here to collect somethings about Software Testing. Amm, wondering what Software Testing is? You have reached a right place where you can get all of your answers. Hello, hello, I am Taruna Chudasama with my colleague Falguni Patel from iFour technolab to deliver you a Seminar on Software Testing. so let’s get started. Here you can see the contents that we are going to cover today in this session. First of all, introduction to Software Testing, amm, it will contain the basic idea of what Software Testing is all about. Also we will discuss about the benefits, challenges, and future Software Testing. Also, you all will be given a chance to ask us the questions in the end. So, let’s start with what Software Testing is, with an example.
  • #6: Good morning everyone!! Hope you all are doing great!! As we all know that we are gathered here to collect somethings about Software Testing. Amm, wondering what Software Testing is? You have reached a right place where you can get all of your answers. Hello, hello, I am Taruna Chudasama with my colleague Falguni Patel from iFour technolab to deliver you a Seminar on Software Testing. so let’s get started. Here you can see the contents that we are going to cover today in this session. First of all, introduction to Software Testing, amm, it will contain the basic idea of what Software Testing is all about. Also we will discuss about the benefits, challenges, and future Software Testing. Also, you all will be given a chance to ask us the questions in the end. So, let’s start with what Software Testing is, with an example.
  • #7: Good morning everyone!! Hope you all are doing great!! As we all know that we are gathered here to collect somethings about Software Testing. Amm, wondering what Software Testing is? You have reached a right place where you can get all of your answers. Hello, hello, I am Taruna Chudasama with my colleague Falguni Patel from iFour technolab to deliver you a Seminar on Software Testing. so let’s get started. Here you can see the contents that we are going to cover today in this session. First of all, introduction to Software Testing, amm, it will contain the basic idea of what Software Testing is all about. Also we will discuss about the benefits, challenges, and future Software Testing. Also, you all will be given a chance to ask us the questions in the end. So, let’s start with what Software Testing is, with an example.
  • #8: Good morning everyone!! Hope you all are doing great!! As we all know that we are gathered here to collect somethings about Software Testing. Amm, wondering what Software Testing is? You have reached a right place where you can get all of your answers. Hello, hello, I am Taruna Chudasama with my colleague Falguni Patel from iFour technolab to deliver you a Seminar on Software Testing. so let’s get started. Here you can see the contents that we are going to cover today in this session. First of all, introduction to Software Testing, amm, it will contain the basic idea of what Software Testing is all about. Also we will discuss about the benefits, challenges, and future Software Testing. Also, you all will be given a chance to ask us the questions in the end. So, let’s start with what Software Testing is, with an example.
  • #13: Thank You.