Secure Software Development
Jorge Gaona (@pollirrata)
Enterprise Architect @ Tiempo Development
Client Solutions Architect @ e-nnovare
What's security?
• Protecting data and information from unauthorized access
• Ensuring access to authorized entities
• Trusting your data is what you think it is
Characteristics
Confidentiality
Integrity
Availability
Authentication
Authorization
Non-repudiation
supported by
Mb + Pb > Ocp + Ocm × Pa × Pc
• Mb is the monetary benefit for the attacker.
• Pb is the psychological benefit for the attacker.
• Ocp is the cost of committing the crime.
• Ocm is the monetary costs of conviction for the attacker.
• Pa is the probability of being apprehended and arrested.
• Pc is the probability of conviction for the attacker.
Ratio
Emojis: https://commons.wikimedia.org
10% / 80% / 10%
Risks
Avoidance
Acceptance
Mitigation
Transfer
Residual
Application Attack Surface
• Amount of code
• Number of inputs
• Number of services
• Number of open communication ports
User Attack Surface
• Is your user stupid? (errors, social engineering, phishing)
• Is your user evil?
Tactics
OWASP ASVS
Provides developers with a list of requirements for secure development.
ASVS Example
Strategy
Can software kill us?
https://www.mymovievault.com/img/backdrop/3htQsZfX1cbtevy7osGJDZVOQfE.jpg