Securing Application Development

BsidesSF 2010

Presented by: Brett Hardin
Date: Wednesday March 03, 2010
Time: 12:30 - 13:00
Location: ParaSoma

Many companies are using an ad hoc software development strategy that uses as few resources as possible. Only when there is a security incident can these organizations justify change to management. We recommend a stripped down version of the classic Secure Development Lifecycle called "SDL Light" that recognizes the haste involved in a first release. It begins after the software is released and becomes compromised. SDL Light has two main advantages: Fast response and barebones resource requirements. The process uniquely manages this by heavily focusing on templates for testing and Errata's list of "20 Most Common Bugs" which identifies most security problems found in software. This process leverages the decades of combined research and on-site experience of the Errata Security pentesting team without the resource drain of housing a team of "Security Experts."


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats