Secure development 2014
![Page 1: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/1.jpg)
Sigal Russin & Pini Cohen / Copyright@2014. Do not remove source or attribution from any slide, graph or portion of graph.
How does the CIO deliver?
With good vibrations…
Pini Cohen Sigal Russin
STKI “IT Knowledge Integrators” [email protected]
![Page 2: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/2.jpg)
![Page 3: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/3.jpg)
![Page 4: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/4.jpg)
STKI index website 2
![Page 5: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/5.jpg)
STKI index website 3
![Page 6: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/6.jpg)
New business scenario: big maneuvers vs. small gains
• Examples: Walmart, social time to respond, smaller telemarketing list
![Page 7: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/7.jpg)
Or: Take full advantage
![Page 8: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/8.jpg)
Why does IT need to adapt?
Source: 2006 http://cacm.acm.org/magazines/2006/10/5805-why-spoofing-is-serious-internet-fraud/abstract
2006 E-Banking Site
DX.com
Comparison engines
Alerts
Web Analytics
A-B testing
Recommendation engines
Social media integration
Wish Lists
Likes
Much more
![Page 9: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/9.jpg)
These new systems are called: “Systems of Engagement”
Source: http://www.agencyport.com/blog/?attachment_id=3713
![Page 10: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/10.jpg)
IT is divided into two distinct “worlds”
Invest in new systems
Reduce Operating Expenses
Long development and deployment cycles
Touch people
In-moment decisions
Personalized & in-context
Social and analytics driven
Short & rapid releases
![Page 11: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/11.jpg)
Domains of change
• Focus on generating business value through agility and flexibility
Agile Development
BYOD / BYO everything
Public Cloud
Open Source
Big Data
DevOps
Mobile First
Commodity HW (or specific build)
Source: http://highscalability.com/blog/2012/5/7/startups-are-creating-a-new-system-of-the-world-for-it.html STKI modifications
![Page 12: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/12.jpg)
Lately “I was not happy” (corporate IT situation)
![Page 13: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/13.jpg)
This year is “Good Vibrations Year”
• Continuous integration with Jenkins. Agile development projects.
• Open source code in governmental projects. Hadoop, NoSQL initial projects.
• Users deploy CRM and other strategic applications as SaaS. Corporate sites on Azure. Email on Office 365 and Google.
• Develop web apps in PHP, Python. Users consider Puppet, Chef, OpenStack.
Not in all organizations. Not in all areas. But still, organizations are starting to embrace contemporary technologies and processes!
![Page 14: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/14.jpg)
The current “kings” are threatened
• Cisco: SDN (OpenFlow, Nicira)
• Microsoft: mobile market share; traction of startups and cloud providers
• HP: lower margins in printers, servers, PCs
• VMware: open source alternatives (OpenStack)
• Oracle: NoSQL/Hadoop; cloud/SaaS
• Monitoring vendors (CA, BMC, HP, IBM): monitoring is provided by platforms (cloud, PaaS, etc.)
• Storage vendors (EMC, NetApp, etc.): public cloud; software-defined storage; NoSQL/Hadoop
• Red Hat: CentOS
![Page 15: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/15.jpg)
Major Application development trends
• Mobile first
• Responsive web
• Client-based web applications (with REST APIs)
• Proliferation of web JS frameworks and of development tools in general
• Development on cloud. PaaS frameworks (CloudFoundry, OpenShift)
• Continuous integration/deployment, DevOps, Docker
• Microservices
![Page 16: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/16.jpg)
Major security trends
IT is not only changing information security tools but also the internal vision of security inside your business.
![Page 17: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/17.jpg)
For a start - Development Problems
• Buffer Overflow
A buffer overflow occurs when a program writes more data into a buffer than the space allocated to it. It lets an attacker write outside the buffer and overwrite important data that the program needs in order to keep running.
In many cases, exploiting this weakness allows running code injected by the attacker.
![Page 18: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/18.jpg)
Development Problems
• DoS: Denial of Service
Ping of death: because of today's increased bandwidth, this attack no longer poses a risk.
Local Denial of Service:
"Stealing" all available memory from the operating system, or otherwise denying service by blocking normal work on the computer.
![Page 19: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/19.jpg)
Development Problems
Distributed Denial of Service:
Many different points on the network each make one or more requests to a particular service; it is usually carried out through many computers controlled by a single operator.
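The two DoS slides describe the attack side. The following is an added example, written for this page and not taken from the deck, showing what a developer can put in place against request floods: a per-client sliding-window limiter replayed over an access log. The client table is itself bounded, so a flood of fresh source addresses cannot turn the limiter into the memory exhaustion that the "local denial of service" slide describes. The log lines, addresses and thresholds below are constructed for the demo.

```python
from collections import deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per client within any `window` seconds.

    The table of tracked clients is bounded by `max_clients`, so the limiter
    cannot be made to consume all available memory by a stream of new sources.
    """

    def __init__(self, limit, window, max_clients=10_000):
        self.limit = limit
        self.window = window
        self.max_clients = max_clients
        self.hits = {}  # client id -> deque of request timestamps (seconds)

    def _evict_idle(self, now):
        # Drop clients whose newest request is already older than the window.
        idle = [c for c, q in self.hits.items() if not q or now - q[-1] >= self.window]
        for c in idle:
            del self.hits[c]

    def allow(self, client, now):
        """Return True if the request at time `now` is within the client's budget."""
        q = self.hits.get(client)
        if q is None:
            if len(self.hits) >= self.max_clients:
                self._evict_idle(now)
                if len(self.hits) >= self.max_clients:
                    return False  # table full: refuse rather than grow without bound
            q = self.hits[client] = deque()
        while q and now - q[0] >= self.window:
            q.popleft()  # forget requests that fell out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Constructed sample access log: "<seconds> <client> <method> <path>" (not real traffic).
SAMPLE_LOG = """\
0.00 10.0.0.5 GET /login
0.10 10.0.0.5 GET /login
0.20 10.0.0.9 GET /
0.30 10.0.0.5 GET /login
0.40 10.0.0.5 GET /login
0.50 10.0.0.5 GET /login
0.90 10.0.0.9 GET /about
2.50 10.0.0.5 GET /login
"""


def replay(log_text, limit=3, window=1.0):
    """Replay a log through the limiter; return {client: number of rejected requests}."""
    limiter = SlidingWindowLimiter(limit, window)
    rejected = {}
    for line in log_text.splitlines():
        ts, client, _method, _path = line.split()
        if not limiter.allow(client, float(ts)):
            rejected[client] = rejected.get(client, 0) + 1
    return rejected


if __name__ == "__main__":
    print(replay(SAMPLE_LOG))  # {'10.0.0.5': 2}
```

With a limit of 3 requests per second, the constructed log has 10.0.0.5 rejected twice in its burst and allowed again once the window has passed, while 10.0.0.9 is never touched. Refusing new clients when the table is full is a deliberate trade-off: it caps memory at the cost of turning away unknown sources during a flood, which is usually preferable to the process itself running out of memory.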
• Code Injection
Cross Site Scripting
HTML/JavaScript/SQL injection
A user can enter code that the software then runs, and do whatever they like through the injected code.
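An added example, not code from the deck, putting the slide's SQL and HTML cases side by side in Python: each vulnerable form (input spliced into the query or the page) next to its hardened form (bound parameters, escaped output). The sqlite3 table, the user rows and the probe strings are constructed for the demo.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory table with sample rows (not real user data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_unsafe(conn, name):
    # Vulnerable: the input is spliced into the SQL text, so a quote in it
    # ends the literal and the rest of the input becomes part of the query.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    # Hardened: the value is bound as a parameter; the driver never parses it as SQL.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_comment_unsafe(text):
    # Vulnerable: untrusted text becomes markup, so a <script> tag in it executes.
    return "<p>" + text + "</p>"


def render_comment_safe(text):
    # Hardened: escape the HTML metacharacters before the text reaches the page.
    return "<p>" + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"              # constructed input that breaks out of the literal
    print(find_user_unsafe(db, probe))  # every row comes back
    print(find_user_safe(db, probe))    # [] - no user is literally named that
    print(render_comment_safe("<script>alert(1)</script>"))
```

The point to take from the two pairs is the same: the fix is not to filter "bad" characters out of the input but to hand the data to the layer below (the database driver, the HTML renderer) in a form that it can never interpret as code.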
• Race Condition (resource conflict)
A resource conflict in software occurs when the same resource (for example, memory) is used by more than one part of the program at the same time, so the outcome depends on the order in which they run.
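An added example for the race-condition slide (not the deck's own code): a check-then-act withdrawal on a balance shared between two threads, once without a lock and once with one. The `Account` class, the balances and the amounts are constructed for the demo; the `threading.Barrier` is used only in the racy version so that the lost update shows up every time instead of depending on scheduler luck.

```python
import threading


class Account:
    """Constructed toy account; `balance` is state shared between threads."""

    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

    def withdraw_racy(self, amount, sync=None):
        # Vulnerable: the check and the update are two separate steps on shared
        # state, so another thread can run in between and both see enough money.
        if self.balance >= amount:          # check
            if sync is not None:
                sync.wait()                 # demo only: hold here until the peer has also passed the check
            self.balance -= amount          # act on a value that may now be stale
            return True
        return False

    def withdraw_safe(self, amount):
        # Hardened: the lock makes check-and-update one indivisible step.
        with self.lock:
            if self.balance >= amount:
                self.balance -= amount
                return True
            return False


def run_two_withdrawals(safe, balance=100, amount=80):
    """Two threads each try to withdraw `amount`; returns (final balance, sorted results)."""
    acct = Account(balance)
    barrier = threading.Barrier(2)
    results = []

    def worker():
        if safe:
            ok = acct.withdraw_safe(amount)
        else:
            ok = acct.withdraw_racy(amount, sync=barrier)
        results.append(ok)

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sorted(results)


if __name__ == "__main__":
    print("racy:", run_two_withdrawals(safe=False))  # (-60, [True, True]): overdrawn
    print("safe:", run_two_withdrawals(safe=True))   # (20, [False, True])
```

In the racy run both threads pass the balance check before either subtracts, so both withdrawals succeed and the account ends overdrawn; with the lock, the second thread sees the updated balance and is refused.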
![Page 20: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/20.jpg)
Development vs. Security
![Page 21: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/21.jpg)
Agenda for discussion
• What is an "ideal" development process with information security involvement: information security representation in the development division
• Products for secure development, including cloud products
• The information security budget at the start of a development project
• How to improve organizational processes from a security standpoint already in the development phase
• Tips and recommendations from organizations on the subject
![Page 22: Secure development 2014](https://reader033.vdocuments.mx/reader033/viewer/2022042816/5593aed41a28ab943f8b4795/html5/thumbnails/22.jpg)
Thank you!