handling of security requirements in software … › karlsruhe › 2017 › sites...handling of...

HANDLING OF SECURITYREQUIREMENTS IN SOFTWARE

DEVELOPMENT LIFECYCLEDANIEL KEFER, RENÉ REUTER

@DKEFER

@_ARES_SEC

ISSUES

REPEATING MISTAKES

SECURITY DOCUMENTATION

SECURITY BEHIND DEV PROCESSES ANDTOOLING

APPROACH

ALIGN THE PROCESS

SECURITYRAT

USE CASESNew assets

Production assets

INTERNALS

Based on JHipster

Requirement Skeletons

Optional Columns

Alternatives to Option Columns

Status Columns

Implementation Type

Collections

AUTHENTICATIONOwn authentication scheme

CAS (Central Authentication Service)

ROLESFrontend User

JIRA INTEGRATIONCross Origin Request Sharing

SecurityRAT inherits user‘s rights in JIRA

SECURITYCAT

FUTURE PLANS

SECURITYRAT 2.0https://github.com/SecurityRAT/SecurityRAT/wiki/Version-

2.0-Brainstorming

COMMUNITYIssues

Pull requests

Derived projects

THANK YOU FOR YOUR ATTENTION!https://securityrat.github.io

dan.kefer@gmail.com

reuter.rene@gmail.com

handling of security requirements in software … › karlsruhe › 2017 › sites...handling of...

Documents

enterprise security requirements

software security requirements...

computer security incident handling guide

application security requirements

safe food handling & distribution requirements for tafb

building security requirements

bgp security requirements

meljun cortes handling error and security

oracle security 01-security requirements & solutions

aviation security e-learning - airportcollege.com · the...

nist computer security incident handling guide

security design requirements

agile workshop: handling changing requirements

inah omoronyia and tor stålhane requirements handling

security architecture requirements (adv arc) for smart...

assessment of municipal solid waste handling requirements...

security and regulatory requirements for public … and...

henze et al.: complying with data handling … · henze et...

handling security incidents

handling advanced - blackstorm security