Software Security a Modern Overview

Transcript

1. Software Security A MODERN OVERVIEW Andres Cespedes Morales @pedes @

   andrespedes12

2. Do you deal with security-related concerns in your daily life

   or job?

3. I bet, you do! Documents Store them in a safe

   box Home Keys and locks Car Set alarms ATM Remember your pins Web Keep passwords Phone You set lock patterns

4. Security in Software Engineering Best Practices Coding Standards Architecture Design

   Policies Network Tools & Processes

5. 4,100,000,000 Records breached in 2019 (RiskBased Security Report)

6. Security is a concern, not a feature

7. Senior Instructor @ MuleSoft (a Salesforce company) Andres Cespedes Morales

   @pedes @ andrespedes12

8. WHAT & WHY SECURITY 01 An overview of software security,

   and its importance PITFALLS AND ITS IMPACT 02 Which problems could you run into? BEST PRACTICES, TOOLS & METHODS 03 Improve your awareness and your defense toolbelt WHAT’S NEXT? 04 Tap into the superpowers of security AGENDA

9. 01 WHAT & WHY SECURITY

10. WHAT IS SOFTWARE SECURITY? AWARENESS What was in risk, what

    is in risk and what will it be. TRAINING Don’t forget the human factor TECHNOLOGY You need tools to ease the goal achievement ASSESSMENT Measure. Rinse and repeat

11. Confidentiality Integrity Equivalent to privacy Equivalent to consistency SECURITY AIMS

    TO CIA Availability Ready!

12. BUT, AGAIN…. WHY?

13. THE WINNER IS …. HUMANS

14. HUMANS CAN SLIP UP MALICE Humans are evil ERROR Unconscious

    mistake CHANCE Yes! Bad luck still matters I’m just a filler

15. 02 PITFALLS AND ITS IMPACT

16. THREATS & ATTACKS (Threat) Bad things could happen to your

    assets, based on a type of action (attack)

17. ASSETS Whatever that could be in risk

18. A STORY ABOUT COMPUTER SECURITY The Turing Machine responsible for

    cracking the Nazi encryption system known as Enigma.

19. Damage related to cybercrime is projected to hit $6 trillion

    annually by 2021 FINANCIAL POLITICAL A data breach could be used to influence the elections IMPACT

20. You already can see this with marketing and media campaigns

    SOCIAL ENVIRONMENTAL Misuse of equipment, or data can also influence environmental-critical decisions. IMPACT

21. —SOMEONE FAMOUS “A chain is only as strong as its

    weakest link.”

22. 03 BEST PRACTICES, TOOLS & METHODS

23. HOW TO PREVENT THIS TURMOIL?

24. Let’s take a look from different perspectives, as software developer,

    as architect, as user, as manager, etc. SOLUTION

25. Start with the Best Practices. The project OWASP is the

    place to start. DEVELOPER

26. TOP 10 THREATS STANDARDS Top 10 web security risks Also,

    Top 10 for APIs OWASP Secure Coding Practices-Quick Reference Guide OWASP

27. NIST - Guide to Secure Web Services DEVELOPER

28. CERT Coding Standard. Association with Carnegie Mellon University DEVELOPER

29. • Read • Read • Read • And …. R...

    Code! ARCHITECT

30. Evaluate tools and make everyone else’s life easier ARCHITECT

31. Includes sysadmin or Ops roles. (a.k.a devsecops) Automate it! DEVOPS

32. NIST Cybersecurity Framework & Security Considerations in the System Development

    Life Cycle MANAGER

33. SOFTWARE PROFESSIONAL

34. Check if your credentials have been compromised https://haveibeenpwned.com/ AS HUMAN

35. Wait… There’s more!

36. Hacking mindset, Bug bounty programs, Certifications. STEP FURTHER

37. Bug Bounty Hacking Hunt for issues and get Money! Think

    like your enemy OFFENSIVE MODE

38. 04 IT’S A WRAP!

39. 82% of employers report a shortage of cybersecurity skills 0%

    cybersecurity unemployment rate for 2021

40. WORLD WITHOUT SECURITY BREACHES

41. SUMMARY WE Own security at our working place and daily

    life START By taking a simple step PROTECTING Your assets, data and resources OFFENSIVE is the ultimate defense technique

42. CREDITS: This presentation template was created by Slidesgo, including icons

    by Flaticon, infographics & images by Freepik and illustrations by Stories THANKS! Java2Days Do you have any questions? Thanks Dave Gandy & Freepik for the icons @pedes andrespedes12