Avoiding the Pitfalls of Secure SDLC
Succeeding with Automation
Introductions
Status Quo
[Chart: Relative cost to fix, based on time of detection. Phases on the x-axis: Requirements / Architecture; Coding; Integration / Component Testing; System / Acceptance Testing; Production / Post-Release. Y-axis scale: 1x, 6x, 11x, 16x, 21x, 26x, 31x, 36x. Source: NIST]
Highest ROI
Where we find flaws today
Look familiar?
February 2012 Report from Quocirca
Results of an Open SAMM Assessment
Problems with Verification
Security Requirements
[Chart: Security requirements split into two segments, "Not covered by scanners" and "Can be caught by scanners", with values 42% and 58%]
Scaling: Self-Serve
Solution: Automated, Criteria-based
Requirements Generation
Context
Matched Against Rules
Generates Threats
Matched Against Rules
Which Have Countermeasures
Apply the context for specific guidelines
And (Optionally) Import into ALM
Program Justification: $4k to find a vuln in production
[email protected]@sdelements.com