Integrating Security Tools in the SDL
Most of today's cyber security problems can be traced to flaws in code. Whether the security issues affect operating system components, client applications, web applications, or other systems, most well-known vulnerabilities are caused by coding errors and implementation mistakes.
The question is why so many bugs and coding errors continue to cause major security issues when we have had years to deal with them and with the other common vulnerabilities that are still found in applications today.
The best way to make security ‘just happen’ is to integrate it into the normal SDL (Software Development Lifecycle) practices. Security teams focus on the confidentiality and integrity of data, which often requires development teams to slow down and assess code differently. At the same time, businesses want developers to write and revise code faster than ever, which often results in developers focusing on what works rather than on what is secure.
- How Microsoft adapted its SDLC after a large number of vulnerabilities were found between 1999 and 2003
- SDLC in Agile
- Policies and Procedures (SANSA by SANS)
- Bringing it all together
The goal of this Working Session is to identify common areas where security and development can work together to make improvements.
The target audience for this Working Session is:
- Developers
- Security professionals
- DevSecOps
- Security champions
Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions):
Related Working Session(s)
- A comparison of strength and weaknesses of specific FOSS tools
- Best practices in using SAST, DAST, IAST and RASP Tools
- Scaling Static Analysis Reviews and Deployments
- Securing the CI Pipeline