Defending Against Data Breaches, as a Practicing Ruby Developer - RMR 2015

Frank Rietta
September 24, 2015

You've been hearing about big data breaches in the news. As a developer who doesn't specialize in security, knowing how to protect your application from getting hacked may seem like a daunting task. However, fundamentals in the design and development process will greatly increase the security that protects your users from harm.

1. Data breaches are a major concern that cannot be mitigated by wishful thinking alone.
2. Application Security is about preventing abuse by adversaries who already have access to the system; it focuses on the application itself rather than only on its environment.
3. Have an Information Classification system.
4. Treat security as a requirement by writing Abuse Stories alongside your User Stories.
5. Apply practical technical countermeasures, such as covering the OWASP Top 10 and your Abuse Stories in your automated test suite.
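As an added example (not code from the talk or from its author), here is one way a Ruby developer can turn an Abuse Story into an automated test next to the matching User Story. The Abuse Story, the invoice records and the two lookup functions are all constructed for illustration; the scoped lookup is the plain-Ruby equivalent of `current_user.invoices.find(params[:id])` in Rails, while the unscoped one is the weak pattern it replaces.

```ruby
# Added example: an Abuse Story expressed as an automated check.
# Abuse Story (constructed for this example):
#   "As an attacker with an ordinary account, I want to read another
#    customer's invoice by changing the id in the URL."
# The hardened path scopes every lookup to the requesting user, so the
# Abuse Story is answered with "not found" instead of with the data.

Invoice = Struct.new(:id, :owner_id, :total)

# Constructed in-memory "database" standing in for ActiveRecord.
INVOICES = [
  Invoice.new(1, 100, 25.00),
  Invoice.new(2, 200, 99.00)
].freeze

# Weak version: unscoped lookup that trusts the id from the request.
def find_invoice_unscoped(id)
  INVOICES.find { |inv| inv.id == id }
end

# Hardened version: lookup scoped to the requesting user, the equivalent
# of current_user.invoices.find(params[:id]) in a Rails controller.
def find_invoice_for(user_id, id)
  INVOICES.find { |inv| inv.id == id && inv.owner_id == user_id }
end

# Abuse Story check: the attacker (user 100) asks for invoice 2, which
# belongs to user 200. Returns true when the given lookup denies it.
def abuse_story_denied?(lookup)
  attacker_id = 100
  victim_invoice_id = 2
  lookup.call(attacker_id, victim_invoice_id).nil?
end

# Companion User Story check: the owner can still read their own invoice.
def user_story_satisfied?(lookup)
  !lookup.call(100, 1).nil?
end

# Both lookups wrapped with the same (user_id, id) signature so the same
# checks can be run against the weak and the hardened implementation.
UNSCOPED = ->(_user_id, id) { find_invoice_unscoped(id) }
SCOPED   = ->(user_id, id) { find_invoice_for(user_id, id) }

if __FILE__ == $PROGRAM_NAME
  puts "unscoped denies abuse story? #{abuse_story_denied?(UNSCOPED)}" # false
  puts "scoped denies abuse story?   #{abuse_story_denied?(SCOPED)}"   # true
  puts "scoped satisfies user story? #{user_story_satisfied?(SCOPED)}" # true
end
```

In a real Rails project the same two checks would live in a request spec: one example asserting that the owner receives a 200 and their invoice, and one asserting that a logged-in non-owner receives a 404, so that the Abuse Story fails the build as soon as someone reintroduces an unscoped `Invoice.find`.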

This presentation covers the systematic use of Abuse Stories alongside User Stories that carry security constraints. How best to apply these practices to custom software development, especially within a developer-led Agile or Extreme Programming environment, is still an open area of research.

For an additional in-depth discussion of preventing data breaches in custom software development, including further User Stories and Abuser Stories, see my 2015 ISSA conference paper at https://rietta.com/papers/data-breaches/ISSA2015/Defending-Against-Data-Breaches-in-Custom-Software-ISSA2015-Rietta.pdf.
