handling of security requirements in software … › karlsruhe › 2017 › sites...handling of...
TRANSCRIPT
HANDLING OF SECURITYREQUIREMENTS IN SOFTWARE
DEVELOPMENT LIFECYCLEDANIEL KEFER, RENÉ REUTER
@DKEFER
@_ARES_SEC
ISSUES
REPEATING MISTAKES
SECURITY DOCUMENTATION
SECURITY BEHIND DEV PROCESSES ANDTOOLING
APPROACH
ALIGN THE PROCESS
SCALE
KISS
SECURITYRAT
USE CASESNew assets
Production assets
DEMO
INTERNALS
Requirement Skeletons
Optional Columns
Alternatives to Option Columns
Status Columns
Implementation Type
Collections
Tags
AUTHENTICATIONOwn authentication scheme
CAS (Central Authentication Service)
ROLESFrontend User
User
Admin
JIRA INTEGRATIONCross Origin Request Sharing
SecurityRAT inherits user‘s rights in JIRA
SECURITYCAT
FUTURE PLANS
SECURITYRAT 2.0https://github.com/SecurityRAT/SecurityRAT/wiki/Version-
2.0-Brainstorming
COMMUNITYIssues
Pull requests
Derived projects
THANK YOU FOR YOUR ATTENTION!https://securityrat.github.io