basic of ssdlc


Upload: chitpong-wuttanan

Post on 16-Apr-2017


TRANSCRIPT

Secure Software Development Life Cycle (SSDLC)

Chitpong Wuttanan

No security process, or security is the last priority

Microsoft
Security Development Lifecycle

http://www.microsoft.com/security/sdl/discover/default.aspx

When you develop, at which step do you do security?

Goals of Basic Security

C = Confidentiality

I = Integrity

A = Availability

What must a developer know?

What the threats are (www.owasp.org)

Cheat sheets and prevention cheat sheets: search on Google

How to hack and how to protect (www.zone-h.com, www.xssed.com)

Benchmark security of tools (www.cisecurity.org)

Penetration Test drive

False negative: Do correct, software responds incorrectly

False positive: Do incorrect, software responds correctly

Start to improve security

Log: Keep abnormal logs

Requirement: What and where to secure in the software

Know everything in the environment

Input data

Output data

We wouldn't have to spend so much time and effort on network security if we didn't have such bad software security

Bruce Schneier (Security Guru)

Security isn't just an IT issue. It's everyone's business.