Agile Software Security
Olli Ahonen
Outline
• Security assurance
• Misaligned
• Aligned
• Evil user stories
• Microsoft
Security assurance
• Design principles
• Static code analysis
• External reviews
• Penetration testing
• ...
“Good old heavyweight assurance processes” (K. Beznosov and P. Kruchten)
Working software over comprehensive documentation
Big Up-Front Design
Deliver working software frequently
Collective ownership of code
Back to square one
3rd party
• Independence
• Objectivity
• Credibility
Misaligned
• External reviews
• Analysis and validation
• Test depth analysis
• Manual security testing
Natural match
• Internal reviews
• Build security in
Works anyway
• Architecture and design principles
• High-level languages & run-time environments
• Change tracking
Automatic
• Static code analysis
• Unit testing
• System testing
Evil user stories
• From user stories
• “How can this functionality be misused?”
• Build security in
As an employee, I can search for other employees by their last name
As an employee, I can alter the database by inserting an SQL search string
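The user story and its evil twin above, as an added example that is not part of the slides: the search written both ways, plus the evil story turned into a unit test so it is "built in" and run on every build. The employee table, names and the evil input are constructed sample data; sqlite3 runs one statement per call, so the evil input shown reads rows it should not match rather than altering the table, but the same string-built query is the defect that lets a search string rewrite the database where stacked statements are allowed.

```python
import sqlite3

# Constructed evil-story input: an SQL fragment, not a last name.
EVIL_INPUT = "' OR '1'='1"

def make_db():
    """Constructed in-memory employee table with sample names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, last_name TEXT)")
    conn.executemany("INSERT INTO employees (last_name) VALUES (?)",
                     [("Ahonen",), ("Beznosov",), ("Kruchten",)])
    conn.commit()
    return conn

def search_vulnerable(conn, last_name):
    """The user story as naively coded: the search string becomes query text."""
    sql = ("SELECT last_name FROM employees WHERE last_name = '"
           + last_name + "' ORDER BY last_name")
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, last_name):
    """Same story, parameterised: the search string is only ever data."""
    sql = "SELECT last_name FROM employees WHERE last_name = ? ORDER BY last_name"
    return [row[0] for row in conn.execute(sql, (last_name,))]

def evil_story_holds(search):
    """The evil user story as a test: a search string that is not a last name
    must match no rows and leave the table unchanged. Returns True if the
    implementation resists the misuse."""
    conn = make_db()
    before = conn.execute("SELECT COUNT(*) FROM employees").fetchone()[0]
    try:
        rows = search(conn, EVIL_INPUT)
    except sqlite3.Error:
        rows = []  # a rejected query leaks nothing
    after = conn.execute("SELECT COUNT(*) FROM employees").fetchone()[0]
    return rows == [] and before == after

if __name__ == "__main__":
    for impl in (search_vulnerable, search_safe):
        print(impl.__name__, "resists evil story:", evil_story_holds(impl))
```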
Disconnected stories
“User adds “&debug=true” to URL on any page, and receives debug information that discloses system configuration details.”
Missing stories
• Incomplete
• Inexpressible
Security Development Lifecycle
• Attack surface analysis
• Threat modeling
• Cryptography review
• Response plan
• ...
Summary
• Don’t force it
• Nourish synergy
• Aim for secure enough