Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Integrating security into an existing agile SDLC
Search
Laura Bell
September 12, 2014
Technology
170
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Integrating security into an existing agile SDLC
Laura Bell
September 12, 2014
More Decks by Laura Bell
See All by Laura Bell
DIY security for the amateur superhero
ladynerd
0
300
Hackcon 11 - Protecting our people
ladynerd
0
260
Security in a container based world
ladynerd
0
170
Securing Microservice Architectures
ladynerd
2
370
Better Connected
ladynerd
0
84
Continuous Security
ladynerd
3
1.2k
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.8k
Blindsided by security
ladynerd
0
150
Practical tools for privacy audit
ladynerd
0
230
Other Decks in Technology
See All in Technology
攻撃者がいなくてもAIエージェントはインシデントを起こす
nomizone
0
200
スタートアップにおけるアジャイルの実践について #shibuyagile
murabayashi
3
2.1k
AI時代のエンジニアキャリアについて今一度考える
sakamoto_582
1
1.2k
記録をかんたんに、提案をパーソナルに ── AIであすけんが目指すもの
oprstchn
0
140
最近評価が難しくなった
maroon8021
0
210
本当の”仕事”を手放せる未来が見えた
mu7889yoon
0
220
認証認可だけじゃない! ID管理の構成要素と ライフサイクルを意識しよう
ritou
1
470
デジタル・デザイン:次の50年を描く「進化する青写真」
y150saya
0
800
Claude Codeとハーネスについて考えてみる
oikon48
17
8.2k
AI時代における最適なQA組織の作り方
ymty
3
360
なぜ私たちのSREプラクティスはなかなか機能しないのか 〜システムより先に組織を見る〜 / Why our SRE practices aren't really working
vtryo
0
590
AIで政治は変わるのか? — 中高生と考えたAI時代の民主主義(東海高校サタデープログラム)
eitarosuda
0
380
Featured
See All Featured
Navigating Team Friction
lara
192
16k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.8k
Code Review Best Practice
trishagee
74
20k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
150
Google's AI Overviews - The New Search
badams
0
1.1k
Navigating the moral maze — ethical principles for Al-driven product design
skipperchong
2
400
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
sarafernandez
2
1.5k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
180
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
380
Breaking role norms: Why Content Design is so much more than writing copy - Taylor Woolridge
uxyall
0
340
svc-hook: hooking system calls on ARM64 by binary rewriting
retrage
2
330
Build your cross-platform service in a week with App Engine
jlugia
234
18k
Transcript
ARC208
once upon a time design code stuff ideas test deploy
security was all about gates design code stuff idea test
deploy
and goodness do we love gates design code stuff idea
test deploy Initial Risk Assessment Design Review Code and Implementation Review Penetration Testing
same thing, just more frequently?
None
Why don’t you do security?
we can make you look good Proactive security engagement increases:
Preparedness Credibility Market awareness Strategic thinking
So what does agile security need to be 1. Able
to empower developers 2. Cost effective 3. Pragmatic and flexible 4. Easy to integrate with existing workflows 5. Scalable
common misconceptions
avoidance != management
too little to fail (at security)
the sky is not always falling* *except when it is
(then you should really do something about it)
agility increases risk
Ten steps to a better, stronger and more secure you
regardless of budget, organisation size or how cool you are
1. know your stack Languages Libraries Operating Systems Applications Third
Party Services
2. learn to add, adapt and abandon
3. create a simple risk taxonomy Critical High Medium Low
Informational False Positive
4. understand your security and technical debt it’s natural and
awesome but you can’t run from it forever
5. bring security into your requirements “engage security early and
often and be sure to have it included in your definition of done”
6. prepare for the worst Monitoring Analysis Understanding Response Feedback
7. build an empire one developer at a time
8. design your workflows “the best technical people I know
work really hard to make themselves redundant. “
fails
10. outsource smartly “if you are going to spend the
money, research your options, scope well and be demanding”
common challenges and how to conquer, obliterate or otherwise win
compliance is a priority “nothing is more fatal to a
new business than the fines for non-compliance”
maintain momentum “more secure today than yesterday”
use your words No Simple way to remove risk Must
be logically applied and justified Does not remove the original need or objective Yes Scary for security people Accepts risks and understands them Enables innovation Encourage safe usage
None
Ready to get started? …take a deep breath
None
None