Integrating Security Tools in the SDL


Most of today´s cyber security problems can be traced to flaws in the code. It does not matter whether security issues affect operating system components, client applications, web applications, or other systems, most well-known vulnerabilities are caused by coding errors and implementation issues.

The question here is why so many bugs and coding errors continue to cause major security issues when we have had years to deal with these and other common vulnerabilities that are still found in applications today.

Why

The best way to make security ‘just happen’ is to integrate it within the normal SDL (Software Development Lifecycle) practices. Security teams can focus on confidentiality and integrity of data which often requires development teams to slow down and assess code differently. Similarly, businesses want developers to write and revise code faster than ever, which often results in the developers focusing on what works best instead of on what is secure.

What

  • How Microsoft adapted its SDLC after a large number of vulnerabilities was found between 1999 and 2003?
  • SDLC in Agile?
  • Policies and Procedures (SANSA by SANS)
  • Bringing it all together

Outcomes

The goal of this Working Session is to identify common areas where security and development can work together to make improvements.

Who

The target audience for this Working Session is: • Developers • Security professionals • DevSecOps • Security champions


Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions):

Content

…add content…

Related Working Session(s)



Back to list of all Working Sessions and Tracks

Edit this page here