Security vs. Development: The SDLC’s Game of Thrones
Presenters: Ian Spiro (Codiscope), Nabil Hannan (Cigital)
Motivation
• Ensure the software that powers our business is secure and its risks are limited.
Battle Cry
• Build Security In
Weapons
• SAST, DAST
• Training
• Architecture Analysis
Motivation
• Continuously deliver valuable software to the customer.
Battle Cry
• Keep It Simple
Weapons
• Open source
• IDEs
Catalyst 1: Security Responsibility
• Companywide ownership
• Invest in resources
• Proactive, not reactive
• Yesterday’s bugs are bad
• Tool integration
Catalyst 2: Tool Deployment
• Embed in dev culture
• Make them easy to use
• Provide tool training
• Integrate in process
• See productivity gains
Catalyst 3: Communication
• Vet bug lists
• Collaborate on solutions
• Speak the same language
• Negatives are hard to prove
Maintaining Peace
• Secure from the start
• Threat modeling
• Training
Questions?
• More questions? Email us: [email protected]
• Resources:
  • Agile Security Manifesto | sws.ec/man1festo
  • Jacks, a SAST tool for developers | jacks.codiscope.com
  • Delivering Security in an Agile World | sws.ec/agil3