1 / 22

Secure Development Lifecycle

Secure Development Lifecycle. Danny Allan Strategic Research Analyst Watchfire Corporation. Agenda. Background Enterprise Risk Management People Process Threat modeling vs. ERM Security as a quality Technology Automated & manual testing Sample ERM Model Summary. Not me ….

jarrett
Download Presentation

Secure Development Lifecycle

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Development Lifecycle Danny Allan Strategic Research Analyst Watchfire Corporation

  2. Agenda • Background • Enterprise Risk Management • People • Process • Threat modeling vs. ERM • Security as a quality • Technology • Automated & manual testing • Sample ERM Model • Summary

  3. Not me … • We have a firewall • We use an IDS • Isn’t that what IT does? • We’re using SSL

  4. Wait a second … • Application deployments are “highly” time critical • Application deployments are often late • Application deployments are often over-budget • “Won’t this add time, cost and resources?”

  5. Basic Premise • Enterprise Risk Management saves time, money and resources • Today: web application • Tomorrow: web service • Next week: Web 2.0 AJAX • Next year: Web 10.0 CCS.NTs

  6. Enterprise Risk Management People Process Technology

  7. People Process People Technology • Developer training • Security features ≠ secure programming • Security principles • Application threat classification

  8. People Process Security Principles Technology • Use least privilege • Defense in depth • Don’t trust user input • Check at the gate • Fail securely • Secure the weakest link • Create secure defaults • Reduce your attack surface

  9. People Process Application Threat Classification Technology Authentication Authorization Client-side attacks Command execution Information disclosure Logical attacks

  10. People Process Threat Modeling Technology • Structured approach to identifying, quantifying and addressing threats • Allows security personnel to communicate potential risks and prioritize remediation efforts in a tangible form

  11. People Process Threat Modeling Activities Technology

  12. People Process Enterprise Risk Mgmt Process Technology • Structured approach to designing, building and delivering web applications • Allows an organization to measure and communicate trustworthy computing in a tangible form

  13. People Process Definitions Technology • Proc·ess: a series of actions directed toward a specific aim • Tan·gi·ble: capable of being given a physical existence

  14. People Process Security as a Quality Vector Technology • Maps well to Software Development Lifecycle model

  15. People Process Automated & Manual Testing Technology • Automated Testing • White box (static code analysis) • Black box (web app scanners) • Strengths • Technical vulnerabilities • Scale and cost • Manual Testing • Strengths • Logical vulnerabilities • Human intelligence

  16. Entry Criteria Business requirements/objectives Constraints & assumptions Project plans High level architecture Activities Engage Security Expert Determine Predictive Threat Index Determine if application is a candidate for SDL process Identify key compliance objectives Define secure integration with external systems Define application security test process & deliverables Adjust project plan to include security resources Contract needed resources Review test process/strategy Review project plan & budget Deliverables Security Expert/Consultant assigned Preliminary security requirements defined Security test strategy Security integrated into the development process Predictive Threat Index (Asset Value, Attack Surface) Tools Security consultant Design Review Checklist Roles and Responsibilities Matrix Predictive Threat Index calculator Security Knowledge Portal Exit Test strategy approved Project plan approved People Process Phase: Requirements Technology

  17. Entry Criteria Security requirements Functional requirements Use cases Project plan & budget Activities Identify components responsible for security functions Identify secure design techniques Document attack surface Create threat model Review/modify security requirements Identify components for Secure Code Review Define security test requirements Determine authorization requirements model Update Security Master Test Plan Update test schedule and budget Deliverables Minimized application attack surface Application security test roles Threat model Security requirements in well defined components Test plans application security Certified components identified Tools Threat Model Checklist Threat Model Platform dependent coding checklist Certified Components Exit Baseline established for requirements, test schedule and test budget People Process Phase: Design Technology

  18. Entry Criteria Threat model Master test plan Security test plans Use cases/roles Activities Code Certified components Security development/coding guidelines Test / Verify Security Code Review Static code analyzer Deliverables Working application Tools Static Code Analyzer Certified Components Security Development Guidelines Exit Code verified using code review Code verified using static code analysis tool People Process Phase: Implementation Technology

  19. Entry Criteria Build from source code repository Test documents Unit & integration test results (no severity 1 defects) Activities Integrate Formal Secure Code Review Automated Application Assessment Final Security Review Review of all bugs for possible security vulnerabilities Review threat model for possible late developing threats Manual penetration testing Deliverables Problems, defects, enhancements logged Detailed test results Validated requirements Updated test results in centralized location Certification Tools Secure Code Review Automated security tool Manual Penetration Test Final Review Checklist Exit No high severity security defects People Process Phase: Integrate / Release Technology

  20. Summary • Enterprise Risk Management requires: • A tangible process • SDLC • Threat modeling (STRIDE / DREAD) • Security cooperation and guidance • Application developer buy-in

  21. Thanks • Questions? • Danny Allan • Office: 781.547.7833 • Dannya@watchfire.com • www.watchfire.com/securityzone

More Related