Avoiding the Pitfalls of Secure SDLC (transcript of a PowerPoint presentation)
![Page 1: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/1.jpg)
Avoiding the Pitfalls of Secure SDLC
Succeeding with Automation
![Page 2: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/2.jpg)
Introductions
![Page 3: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/3.jpg)
Status Quo
![Page 4: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/4.jpg)
Chart: relative cost to fix a flaw, based on the phase in which it is detected (Source: NIST).
X-axis phases: Requirements / Architecture; Coding; Integration / Component Testing; System / Acceptance Testing; Production / Post-Release.
Y-axis: relative cost to fix, scale from 1x to 36x.
Chart annotations: "Highest ROI", "Where we find flaws today", "Look familiar?"
![Page 5: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/5.jpg)
February 2012 Report from Quocirca
![Page 6: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/6.jpg)
Results of an Open SAMM Assessment
![Page 7: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/7.jpg)
Problems with Verification
![Page 8: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/8.jpg)
Security Requirements
Pie chart: security requirements split 42% / 58% between "Not covered by scanners" and "Can be caught by scanners".
![Page 9: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/9.jpg)
Scaling: Self-Serve
![Page 10: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/10.jpg)
Solution: Automated, Criteria-based Requirements Generation
![Page 11: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/11.jpg)
Context
![Page 12: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/12.jpg)
Matched Against Rules
![Page 13: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/13.jpg)
Generates Threats
![Page 14: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/14.jpg)
Matched Against Rules
![Page 15: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/15.jpg)
Which Have Countermeasures
![Page 16: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/16.jpg)
Apply the context for specific guidelines
![Page 17: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/17.jpg)
And (Optionally) Import into ALM
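Slides 11 to 17 describe a pipeline: project context is matched against rules, the rules generate threats, each threat maps to countermeasures, the context selects a specific guideline, and the result can be imported into an ALM tool. The following is an added example that sketches that pipeline as code; it is not from the presentation or from SD Elements. Every rule, threat identifier (T-001 and so on), guideline text and the ticket shape are constructed for illustration, and each generated requirement also carries a constructed "scanner vs. manual" verification flag in the spirit of the slide 8 chart.

```python
"""Toy criteria-based security-requirements generator (added example, constructed data)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
import json


@dataclass(frozen=True)
class Threat:
    """One entry in a constructed threat catalogue."""
    tid: str                    # constructed identifier, not a real catalogue id
    title: str
    countermeasure: str         # generic countermeasure text
    guideline_key: str          # which context field selects a specific guideline
    guidelines: Dict[str, str]  # context value -> context-specific guideline
    scannable: bool             # can an automated scanner verify the countermeasure?


# Rule base: (predicate over the project context, threat it raises). All constructed.
RULES: List[Tuple[Callable[[dict], bool], Threat]] = [
    (lambda c: "web" in c.get("platforms", []),
     Threat("T-001", "Cross-site scripting via reflected input",
            "Contextually output-encode all untrusted data rendered into HTML.",
            "framework",
            {"django": "Keep template autoescaping on; never wrap user input in mark_safe().",
             "spring": "Render user data with Thymeleaf th:text, not th:utext."},
            scannable=True)),
    (lambda c: c.get("handles_auth", False),
     Threat("T-002", "Online password guessing against the login form",
            "Throttle failed logins per account and per source, and alert on bursts.",
            "framework",
            {"django": "Put rate-limiting middleware in front of the login view.",
             "spring": "Count failures per user in an AuthenticationFailureListener."},
            scannable=False)),
    (lambda c: c.get("stores_card_data", False),
     Threat("T-003", "Exposure of stored cardholder data",
            "Encrypt the PAN at rest and never persist the CVV after authorization.",
            "framework",
            {"django": "Keep the PAN out of admin list_display and log formatters.",
             "spring": "Keep the PAN out of toString() and log output."},
            scannable=False)),
    (lambda c: c.get("database") is not None,
     Threat("T-004", "SQL injection through string-built queries",
            "Use parameterized queries for every statement that includes user input.",
            "database",
            {"postgres": "Pass values as driver parameters; never format them into SQL text.",
             "mysql": "Pass values as driver parameters; never format them into SQL text."},
            scannable=True)),
]


def generate_requirements(context: dict) -> List[dict]:
    """Context -> rules -> threats -> countermeasures -> context-specific guideline."""
    reqs = []
    for applies, threat in RULES:
        if not applies(context):
            continue
        specific = threat.guidelines.get(context.get(threat.guideline_key))
        reqs.append({
            "id": threat.tid,
            "threat": threat.title,
            "countermeasure": threat.countermeasure,
            # Fall back to the generic text when the context has no specific guideline.
            "guideline": specific or threat.countermeasure,
            "verification": "scanner" if threat.scannable else "manual review / test",
        })
    return reqs


def manual_share(reqs: List[dict]) -> float:
    """Fraction of generated requirements a scanner cannot verify on its own."""
    if not reqs:
        return 0.0
    return sum(r["verification"] != "scanner" for r in reqs) / len(reqs)


def to_alm_issues(reqs: List[dict], project_key: str = "APP") -> List[dict]:
    """Optional ALM export: one ticket per requirement in a generic, constructed JSON shape."""
    return [{
        "project": project_key,
        "summary": f"[{r['id']}] {r['countermeasure']}",
        "description": f"Threat: {r['threat']}\nGuideline: {r['guideline']}\nVerify by: {r['verification']}",
        "labels": ["security-requirement", r["id"].lower()],
    } for r in reqs]


# Constructed sample context: a Django web app on Postgres with login and card storage.
SAMPLE_CONTEXT = {"platforms": ["web"], "framework": "django", "database": "postgres",
                  "handles_auth": True, "stores_card_data": True}

if __name__ == "__main__":
    requirements = generate_requirements(SAMPLE_CONTEXT)
    print(json.dumps(to_alm_issues(requirements), indent=2))
    print(f"{manual_share(requirements):.0%} of requirements need manual verification")
```

The point of the fallback in `generate_requirements` is that a context the rule base has no specific guidance for still yields the generic countermeasure, so coverage does not silently drop; the `verification` field is what lets a program owner see, per requirement, which items the scanning pipeline will never confirm.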
![Page 18: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/18.jpg)
Program Justification: $4k to find a vuln in production
![Page 19: Avoiding the Pitfalls of Secure SDLC](https://reader036.vdocuments.mx/reader036/viewer/2022081511/56815f2b550346895dcdf5da/html5/thumbnails/19.jpg)
[email protected]@sdelements.com