Slide 1

Software Security: A MODERN OVERVIEW
Andres Cespedes Morales (@pedes, andrespedes12)

Slide 2

Do you deal with security-related concerns in your daily life or job?

Slide 3

I bet you do!
• Documents: store them in a safe box
• Home: keys and locks
• Car: set alarms
• ATM: remember your PINs
• Web: keep passwords
• Phone: you set lock patterns

Slide 4

Security in Software Engineering
• Best Practices
• Coding Standards
• Architecture Design
• Policies
• Network
• Tools & Processes

Slide 5

4,100,000,000 records breached in 2019 (RiskBased Security report)

Slide 6

Security is a concern, not a feature

Slide 7

Senior Instructor @ MuleSoft (a Salesforce company)
Andres Cespedes Morales (@pedes, andrespedes12)

Slide 8

AGENDA
01 WHAT & WHY SECURITY: an overview of software security and its importance
02 PITFALLS AND THEIR IMPACT: which problems could you run into?
03 BEST PRACTICES, TOOLS & METHODS: improve your awareness and your defense toolbelt
04 WHAT'S NEXT? Tap into the superpowers of security

Slide 9

01 WHAT & WHY SECURITY

Slide 10

WHAT IS SOFTWARE SECURITY?
• AWARENESS: what was at risk, what is at risk, and what will be.
• TRAINING: don't forget the human factor.
• TECHNOLOGY: you need tools to make the goal easier to reach.
• ASSESSMENT: measure, rinse and repeat.

Slide 11

SECURITY AIMS TO CIA
• Confidentiality: equivalent to privacy
• Integrity: equivalent to consistency
• Availability: ready!

Slide 12

BUT, AGAIN... WHY?

Slide 13

THE WINNER IS... HUMANS

Slide 14

HUMANS CAN SLIP UP
• MALICE: humans are evil
• ERROR: unconscious mistake
• CHANCE: yes! Bad luck still matters

Slide 15

02 PITFALLS AND THEIR IMPACT

Slide 16

THREATS & ATTACKS
Bad things could happen to your assets (threat), based on a type of action (attack).

Slide 17

ASSETS
Whatever could be at risk.

Slide 18

A STORY ABOUT COMPUTER SECURITY
The Turing Machine responsible for cracking the Nazi encryption system known as Enigma.

Slide 19

IMPACT
• FINANCIAL: damage related to cybercrime is projected to hit $6 trillion annually by 2021
• POLITICAL: a data breach could be used to influence the elections

Slide 20

IMPACT
• SOCIAL: you can already see this with marketing and media campaigns
• ENVIRONMENTAL: misuse of equipment or data can also influence environmentally critical decisions

Slide 21

“A chain is only as strong as its weakest link.”
—SOMEONE FAMOUS

Slide 22

03 BEST PRACTICES, TOOLS & METHODS

Slide 23

HOW TO PREVENT THIS TURMOIL?

Slide 24

SOLUTION
Let's take a look from different perspectives: as software developer, as architect, as user, as manager, etc.

Slide 25

DEVELOPER
Start with the best practices. The OWASP project is the place to start.

Slide 26

OWASP
• TOP 10 THREATS: Top 10 web security risks; also, Top 10 for APIs
• STANDARDS: OWASP Secure Coding Practices - Quick Reference Guide

Slide 27

DEVELOPER
NIST - Guide to Secure Web Services

Slide 28

DEVELOPER
CERT Coding Standard, in association with Carnegie Mellon University

Slide 29

ARCHITECT
• Read
• Read
• Read
• And... R... Code!

Slide 30

ARCHITECT
Evaluate tools and make everyone else's life easier

Slide 31

DEVOPS
Includes sysadmin or Ops roles (a.k.a. DevSecOps). Automate it!

Slide 32

MANAGER
NIST Cybersecurity Framework & Security Considerations in the System Development Life Cycle

Slide 33

SOFTWARE PROFESSIONAL

Slide 34

AS HUMAN
Check if your credentials have been compromised: https://haveibeenpwned.com/
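The slide points at Have I Been Pwned, which also exposes a Pwned Passwords "range" API built on k-anonymity: the client sends only the first five hex characters of the password's SHA-1 and matches the returned suffix list locally, so the password itself never leaves the machine. The following is an added example written for this page, not code from the presentation or from the HIBP project; the endpoint URL and response format (one `SUFFIX:COUNT` line per known hash) are the public API's, while the sample response body, its counts and the `offline_fetch`/`live_fetch` helper names are constructed for an offline demonstration.

```python
"""Check a password against a breach corpus without revealing it (k-anonymity).

Added example, not part of the presentation. Only the 5-hex-char SHA-1 prefix
is ever sent; the 35-char suffix is compared locally against the returned list.
The API response used here is constructed in memory so the script runs offline.
"""
import hashlib

# Real Pwned Passwords endpoint; only contacted if live_fetch is used explicitly.
PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; tolerates CRLF and blanks.

    Malformed lines are skipped: the body is untrusted input even though it
    comes from a well-known service, so we validate shape before using it.
    """
    seen: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if sep != ":" or len(suffix) != 35 or not count.isdigit():
            continue
        seen[suffix.upper()] = int(count)
    return seen


def breach_count(password: str, fetch_range) -> int:
    """How many times the password appears in the corpus (0 = not found).

    fetch_range(prefix) -> response body; injected so the check can run offline.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# Constructed sample response (the real API returns hundreds of suffixes per
# prefix). It contains the suffix of "password" (SHA-1 5BAA61E4...8FD8), two
# made-up neighbours, and a malformed line to exercise the parser. Counts are
# constructed, not real corpus statistics.
_KNOWN_SUFFIX = sha1_prefix_suffix("password")[1]
SAMPLE_RESPONSE = "\r\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:7",
    f"{_KNOWN_SUFFIX}:1234",
    "garbage-line-without-a-colon",
    "1E2AAA439972480CEC7F16C795BBB429372:2",
])


def offline_fetch(prefix: str) -> str:
    """Stand-in for the HTTP call; only knows the prefix of 'password'."""
    return SAMPLE_RESPONSE if prefix == "5BAA6" else ""


def live_fetch(prefix: str) -> str:
    """Real lookup over HTTPS with the standard library. Not called by default."""
    from urllib.request import Request, urlopen
    req = Request(PWNED_RANGE_URL + prefix, headers={"User-Agent": "pwned-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        n = breach_count(pw, offline_fetch)
        print(f"{pw!r}: {('seen %d times' % n) if n else 'not in sample corpus'}")
```

The fetcher is injected so the same check can run in a test suite with a canned response and in production with `live_fetch`; a registration or password-change handler would reject any password whose count is non-zero.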

Slide 35

Wait... There's more!

Slide 36

STEP FURTHER
Hacking mindset, bug bounty programs, certifications.

Slide 37

OFFENSIVE MODE
• Bug Bounty: hunt for issues and get money!
• Hacking: think like your enemy

Slide 38

04 IT'S A WRAP!

Slide 39

82% of employers report a shortage of cybersecurity skills.
0% cybersecurity unemployment rate for 2021.

Slide 40

WORLD WITHOUT SECURITY BREACHES

Slide 41

SUMMARY
• WE own security at our workplace and in daily life
• START by taking a simple step
• PROTECTING your assets, data and resources
• OFFENSIVE is the ultimate defense technique

Slide 42

THANKS! Java2Days. Do you have any questions?
@pedes, andrespedes12
CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon, infographics & images by Freepik and illustrations by Stories. Thanks Dave Gandy & Freepik for the icons.