Speaker Deck

Defending Against Data Breaches, as a Practicing Ruby Developer - RMR 2015

by Frank Rietta

Published September 24, 2015 in Technology

You've been hearing about big data breaches in the news. As a developer who doesn't specialize in security, knowing how to protect your application from getting hacked may seem like a daunting task. However, fundamentals in the design and development process will greatly increase the security that protects your users from harm.

1. Data breaches are a major concern that cannot be mitigated by wishful thinking alone
2. Application Security is about preventing abuse by adversaries who have access to the system, focusing on the app itself rather than just its environment
3. Have an Information Classification system
4. Treat security as a requirement by writing Abuse Stories along with your User Stories
5. Apply practical technical countermeasures, such as including OWASP Top 10 and your abuse stories in your automated test suite
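To show how items 3 to 5 fit together in practice, here is an added example (not code from the talk or its author): a minimal information classification, an owner-only read policy, a permit list for user-supplied parameters, and three abuse stories encoded as executable checks. All names (`PatientRecord`, `AccountPolicy`, `AbuseStory`) and the sample data are hypothetical and constructed for this illustration.

```ruby
# Added example, not from the talk. Every name below is hypothetical and the
# record data is constructed inline so the file runs stand-alone.

# Item 3: an information classification per field. Anything marked :restricted
# may only be read by the record's owner; unlisted fields default to :internal.
CLASSIFICATION = { name: :internal, email: :internal, ssn: :restricted }.freeze
PERMITTED_PARAMS = %i[name email].freeze # :role is deliberately not permitted

PatientRecord = Struct.new(:id, :owner_id, :name, :email, :ssn, :role)

module AccountPolicy
  # Returns the subset of fields the requester is allowed to see.
  def self.readable_fields(record, requester_id)
    owner = record.owner_id == requester_id
    record.to_h.reject do |field, _value|
      CLASSIFICATION[field] == :restricted && !owner
    end
  end

  # Applies a user-supplied hash, silently dropping keys outside PERMITTED_PARAMS
  # (the same idea as Rails strong parameters, written here without Rails).
  def self.update(record, params)
    params.each { |k, v| record[k] = v if PERMITTED_PARAMS.include?(k.to_sym) }
    record
  end
end

# Item 4: an abuse story is phrased from the adversary's point of view and
# carries a predicate that must hold for the story to count as defeated.
AbuseStory = Struct.new(:text, :check)

ABUSE_STORIES = [
  AbuseStory.new("As another logged-in user, I change the id in the URL to read a stranger's SSN",
                 ->(r) { !AccountPolicy.readable_fields(r, 9999).key?(:ssn) }),
  AbuseStory.new("As the owner, I still see my own SSN (the control must not break the user story)",
                 ->(r) { AccountPolicy.readable_fields(r, r.owner_id)[:ssn] == "000-00-0000" }),
  AbuseStory.new("As a user, I post role=admin in the profile form to elevate my privileges",
                 ->(r) { AccountPolicy.update(r, { "name" => "Eve", "role" => "admin" }).role == "patient" })
].freeze

# Item 5: run every abuse story like a test case; returns { story text => true/false }.
def run_abuse_stories(stories = ABUSE_STORIES)
  stories.to_h do |story|
    record = PatientRecord.new(1, 42, "Alice", "alice@example.com", "000-00-0000", "patient")
    [story.text, story.check.call(record)]
  end
end

if __FILE__ == $PROGRAM_NAME
  run_abuse_stories.each { |text, ok| puts "#{ok ? 'defeated' : 'FAILED  '} #{text}" }
end
```

In a real suite each abuse story would be one test case next to the user story it constrains, so a regression that re-exposes a restricted field or re-enables mass assignment fails the build.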

This presentation covers the systematic use of Abuse Stories alongside User Stories that carry security constraints. How best to apply these practices to custom software development, especially within an Agile or Extreme Programming environment that is developer led, is still an open area of research.

For additional in-depth discussion of preventing data breaches in custom software development, including additional User Stories and Abuser Stories, see my 2015 ISSA conference paper at https://rietta.com/papers/data-breaches/ISSA2015/Defending-Against-Data-Breaches-in-Custom-Software-ISSA2015-Rietta.pdf.