OWASP-SKF Making the web secure by design - Glenn ten Cate - Codemotion Amsterdam 2016
0 likes6,779 views
The document outlines the importance of software security in the development lifecycle, stressing that developers need to take responsibility for their code. It introduces various security frameworks and emphasizes the need for awareness and best practices to defend against vulnerabilities. Additionally, it encourages collaboration through resources like OWASP and secure programming guides.
OWASP-SKF Making the web secure by design - Glenn ten Cate - Codemotion Amsterdam 2016
- 1. 1
- 2. Glenn ten Cate Twitter: @FooBar_testing_ Riccardo ten Cate Twitter: @RiieCco 2
- 3. Agenda • Why? • Software (AND Security) development life cycle 3 Developer, you are the one 3
- 4. Agenda • Why? • Software (AND Security) development life cycle 4 Coding mistakes, déjà vu. 4
- 5. Agenda • Why? • Software (AND Security) development life cycle 5 Barely hanging on … 5
- 6. Agenda • Why? • Software (AND Security) development life cycle 6 But there is always an option! 6
- 7. Agenda • Why? • Software (AND Security) development life cycle 7 There are ways to learn! 7
- 8. • Worldwide not-for-profit charitable. • Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. 8
- 9. Agenda • Why? • Software (AND Security) development life cycle 9 Be responsible for your code. 9
- 10. Verify your code • ASVS lvl1 Opportunistic It adequately defends against application security vulnerabilities that are easy to discover. • ASVS lvl2 Standard It adequately defends against prevalent application security vulnerabilities whose existence poses moderate-to-serious risk. • ASVS lvl3 Advanced It adequately defends against all advanced application security vulnerabilities, and also demonstrates principles of good security design. 10
- 11. What is S.K.F • Guide to secure programming By adapting your design to security, not securing your design • Security awareness It informs you about threats even before you wrote a single line of code. • Clear and transparent Provides information applicable for your specific needs on the spot. 11
- 12. Agenda • Why? • Software (AND Security) development life cycle 12 And now the blind dev can see. 12
- 13. Demo 13
- 14. Agenda • Why? • Software (AND Security) development life cycle 14 You know this, you are ready. 14
- 15. SDLC MANUAL • OWASP-SKF • Software Development Life Cycle • Code review • SAST • DAST 15
- 16. SDLC CI • OWASP-SKF • Software Development Life Cycle • Travis CI • Coveralls CI • Scrutinizer CI 16
- 17. Agenda • Why? • Software (AND Security) development life cycle 17 GitHub • https://github.com/blabla1337/skf-flask 17
- 18. Agenda • Why? • Software (AND Security) development life cycle 18 You have the skills … 18
- 19. Agenda • Why? • Software (AND Security) development life cycle 19 … you are the one. 19
- 20. Getting involved? • OWASP https://www.owasp.org/index.php/OWASP_Security_Knowledge_Fr amework • Website https://secureby.design Together we can make it big, strong and helpful! 20
- 21. Agenda • Why? • Software (AND Security) development life cycle 21 You are only as strong as the weakest developer in your team. 21
- 22. Questions? 22