Implementing an effective security development lifecycle program is a costly and arduous endeavor. During this presentation, we’ll demonstrate how to lower the costs associated with this project by taking advantage of high-quality tools freely available on the internet, as well as the fundamental practices employed by technology giants such as EMC, Juniper, Oracle, Microsoft, Symantec, Nokia and SAP (members of SAFECode.org).

List of subjects discussed during this presentation:

• Introduction
  o What is SAFECode?
  o Who are the members of SAFECode?
  o What does SAFECode do?
  o How does SAFECode differ from SAMM and BSIMM?
• Why implement a Security Development Lifecycle program?
• The Security Development Lifecycle
  o Description of each phase and the activities that must be accomplished
  o Differences between the approaches taken by various SAFECode members
  o My personal experience leading the implementation of Symantec’s SDL program
  o Free tools that can be readily applied in each phase of the Security Development Lifecycle. An emphasis on OWASP tools will be given.
• Analysis of which phase should be implemented first and why
• Final thoughts