$30 off During Our Annual Pro Sale. View Details »

Secure Software Development

Jorge Gaona
August 16, 2017
Technology
0
180

Secure Software Development

Talk for GDL Connect meetup

Jorge Gaona

August 16, 2017
Tweet

More Decks by Jorge Gaona

See All by Jorge Gaona
CI/CD: Tropiezos de la vida real
pollirrata
0
17
Elasticidad de Acciones con Docker y Azure Container Services
pollirrata
1
49
Arquitectura de software y DevOps
pollirrata
0
15
5 servicios de Azure que debes conocer
pollirrata
0
11
Arquitectura continua
pollirrata
0
27
Escalabilidad de aplicaciones en Azure
pollirrata
1
21
Blockchain + MS
pollirrata
0
53
Architectural tactics
pollirrata
0
190
Azure Functions
pollirrata
0
180

Other Decks in Technology

See All in Technology
從心開始的純軟之路
line_developers_tw
PRO
0
280
GraphQLクライアントの技術選定 2023冬
kazukihayase
6
2.5k
Webアプリ開発者向け パスキー対応の始め方
ritou
3
2.6k
Self-RAG: Learning to Retrieve, Generate and Critique through Self-Reflections
peisuke
8
830
技術的負債あるある早く言いたい〜/RookiesLT-link-and-motivation
lmi
0
1.8k
リアルで価値を発揮するデジタルプロダクトを開発する
aki_iinuma
0
860
Kotlin製のGraphQLサーバーをNode.jsでモジュラモノリス化している話
hokaccha
1
2k
Data-Centric AI - 関連する学術分野と実践例 -
kzykmyzw
4
1.5k
Vertex AI Feature Store に 機械学習エンジニアが涙した 理由
asei
3
1.2k
Honoが良さそう🔥
is_ryo
0
140
Cloud Security Day 2023パネルディスカッション資料
coconala_engineer
0
120
プライベートプロダクト戦略 - フロントエンドカンファレンス沖縄 / private_product_frontend
rdlabo
3
2.3k

Featured

See All Featured
Designing Experiences People Love
moore
133
23k
Statistics for Hackers
jakevdp
787
220k
KATA
mclloyd
13
11k
Being A Developer After 40
akosma
52
580k
From Idea to $5000 a Month in 5 Months
shpigford
376
45k
BBQ
matthewcrist
76
8.5k
What's new in Ruby 2.0
geeforr
336
30k
Automating Front-end Workflow
addyosmani
1354
200k
Atom: Resistance is Futile
akmur
257
24k
Agile that works and the tools we love
rasmusluckow
323
20k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
740
RailsConf 2023
tenderlove
0
340

Transcript

  1. Secure
    Software
    Development
    Jorge Gaona (@pollirrata)
    Enterprise Architect @
    Tiempo Development
    Client Solutions Architect @
    e-nnovare

    View Slide

  2. What´s security?
    • Protecting data and information from unauthorized access
    • Ensuring access to authorized entities
    • Trusting your data is what you think it is

    View Slide

  3. Impact
    Security
    Availability
    Privacy
    Reliability
    Safety
    Compliance

    View Slide

  4. Characteristics
    Confidentiality
    Integrity
    Availability
    Authentication
    Authorization
    Non-
    repudiation
    supported by

    View Slide

  5. Mb + Pb > Ocp + OcmPaPc
    • Mb is the monetary benefit for the attacker.
    • Pb is the psychological benefit for the attacker.
    • Ocp is the cost of committing the crime.
    • Ocm is the monetary costs of conviction for the attacker.
    • Pa is the probability of being apprehended and arrested.
    • Pc is the probability of conviction for the attacker.

    View Slide

  6. Ratio
    Emojis: https://commons.wikimedia.org
    10 80 10
    %

    View Slide

  7. Risks
    Avoidance
    Acceptance
    Mitigation
    Transfer
    Residual

    View Slide

  8. User Attack Surface
    • Amount of code
    • Number of inputs
    • Number of services
    • Number of open
    communication ports
    • Is your user stupid? (errors,
    social engineering, phishing)
    • Is your user evil?
    Application Attack Surface

    View Slide

  9. Tactics

    View Slide

  10. OWASP ASVS
    Provides developers with a list of requirements for secure
    development.

    View Slide

  11. View Slide

  12. View Slide

  13. ASVS Example

    View Slide

  14. Strategy

    View Slide

  15. Can software kill us?
    https://www.mymovievault.com/img/backdrop/3htQsZfX1cbtevy7osGJDZVOQfE.jpg

    View Slide