
Secure Software Development

Talk for GDL Connect meetup


Jorge Gaona

August 16, 2017


  1. Secure Software Development
     Jorge Gaona (@pollirrata)
     Enterprise Architect @ Tiempo Development
     Client Solutions Architect @ e-nnovare
  2. What's security?
     • Protecting data and information from unauthorized access
     • Ensuring access to authorized entities
     • Trusting your data is what you think it is
  3. Impact: Security, Availability, Privacy, Reliability, Safety, Compliance

  4. Characteristics: Confidentiality, Integrity, Availability; supported by Authentication, Authorization, Non-repudiation

  5. Mb + Pb > Ocp + Ocm × Pa × Pc
     • Mb is the monetary benefit for the attacker.
     • Pb is the psychological benefit for the attacker.
     • Ocp is the cost of committing the crime.
     • Ocm is the monetary cost of conviction for the attacker.
     • Pa is the probability of being apprehended and arrested.
     • Pc is the probability of conviction for the attacker.
  6. Ratio: 10 % / 80 % / 10 % (emoji graphics from https://commons.wikimedia.org)

  7. Risks: Avoidance, Acceptance, Mitigation, Transfer, Residual

  8. Attack Surface
     Application Attack Surface
     • Amount of code
     • Number of inputs
     • Number of services
     • Number of open communication ports
     User Attack Surface
     • Is your user stupid? (errors, social engineering, phishing)
     • Is your user evil?
  9. Tactics

  10. OWASP ASVS
      Provides developers with a list of requirements for secure development.
  13. ASVS Example

  14. Strategy

  15. Can software kill us? https://www.mymovievault.com/img/backdrop/3htQsZfX1cbtevy7osGJDZVOQfE.jpg