Basics of SSDLC
Secure Software Development Life Cycle (SSDLC)
Chitpong Wuttanan
No security process,
or security is the last priority
Microsoft
Security Development Lifecycle
http://www.microsoft.com/security/sdl/discover/default.aspx
If you are the developer, at which step do you do security?
Goals of Basic Security
C = Confidentiality
I = Integrity
A = Availability
What must a developer know?
What the threats are (www.owasp.org)
Cheat sheets and prevention cheat sheets: search on Google
How hacking is done and how to protect against it (www.zone-h.com, www.xssed.com)
Security benchmarks for tools (www.cisecurity.org)
Penetration Test drive
False negative: you do the correct thing, the software responds incorrectly
False positive: you do the incorrect thing, the software responds correctly
Start to improve security
Log: keep a log of abnormal events
Requirement: what to secure in the software, and where
Know everything in the environment:
Input data
Output data
We wouldn't have to spend so much time and effort on network security if we didn't have such bad software security
Bruce Schneier (Security Guru)
Security isn't just an IT issue. It's everyone's business.