Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security from Inception

Security from Inception

A talk with practical examples of how security can be built into agile projects from their inception.

Matt Konda

July 11, 2014

More Decks by Matt Konda

Other Decks in Technology


  1. Introduction 1997 2006 2014 Consultant Engineer Software Architect Director of

    Engineering Rabble Rouser: Perl Java Applet C++ J2EE J2EE
 Spring Analytics Certificate Authority Vulnerability Scanner Penetration Test Manager ! Pricing Retail Banking Manufacturing Pharma Healthcare Research Ruby Rails Chicago BSides 2011, 2012 Defcon Skytalk OWASP Chicago, MSP 2013 AppSec USA 2012, 2013 ChicagoRuby 2013 Secure 360 Lone Star Ruby 2013 WindyCityRails 2013 Chicago JUG 2014 RailsConf 2014 Converge 2014 MS in CS Founder Consultant Agile Clojure Graph Database Trying to hack a business model that succeeds while helping developers. Domains: Projects: ! Training Coaching Code Review Plugged in to SDLC Consulting Assessments
  2. Ɣ Ɣ 5(/,$%,/,7< 0$,17$,1$%,/,7< Ɣ Ɣ Ɣ Ɣ Ɣ Ɣ

    Ɣ Ɣ 6(&85,7< ruggeddev.org @ruggeddev rugged
  3. Summary • Villain Person from Inception • baseline Security Requirements

    Up Front • Story Review for Security: acceptance criteria • Security Requirements included in stories PRE estimation • Incremental Code Review • Share Tools: planning, collaboration, build • Participate in Standup • operational and monitoring guide • Facilitate - ask questions - stay involved