What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.

Slides:



Advertisements
Similar presentations
Homework 3 Solution Lecture Packet 16 © John W. Brackett.
Advertisements

ITIL: Service Transition
Achieving (and Maintaining) Compliance With Secure Software Development Compliance Requirements (ISC)² SecureSDLC May 17, 2012.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
The Systems Security Engineering Capability Maturity Model (ISO 21827)
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
1 IS371 WEEK 8 Last and Final Assignment Application Development Alternatives to Application Development Instructor Online Evaluations.
Software Engineering For Beginners. General Information Lecturer, Patricia O’Byrne, office K115A. –
1 SOFTWARE QUALITY ASSURANCE Basic Principles. 2 Requirements System Design Detailed Design Implementation Installation & Testing Maintenance SW Quality:
Software Engineering For Beginners. General Information Lecturer, Patricia O’Byrne. – Times: –See noticeboard outside.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Computer Security: Principles and Practice
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Software Process and Product Metrics
Introduction to Software Testing
Instituting Controls in Systems Development Gurpreet Dhillon Virginia Commonwealth University.
IS 2620: Developing Secure Systems Jan 13, 2009 Secure Software Development Models/Methods Week 2: Lecture 1.
EOSC Generic Application Security Framework
What is Software Engineering? the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software”
 The software systems must do what they are supposed to do. “do the right things”  They must perform these specific tasks correctly or satisfactorily.
Chapter 2 The process Process, Methods, and Tools
Information Systems Security Computer System Life Cycle Security.
CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010.
CLEANROOM SOFTWARE ENGINEERING.
1 Chapter 2 The Process. 2 Process  What is it?  Who does it?  Why is it important?  What are the steps?  What is the work product?  How to ensure.
1 Software Quality CIS 375 Bruce R. Maxim UM-Dearborn.
Introduction to Software Engineering LECTURE 2 By Umm-e-Laila 1Compiled by: Umm-e-Laila.
Integrating Security Design Into The Software Development Process For E-Commerce Systems By: M.T. Chan, L.F. Kwok (City University of Hong Kong)
Capability Maturity Models Software Engineering Institute (supported by DoD) The problems of software development are mainly caused by poor process management.
Web Security for Network and System Administrators1 Chapter 2 Security Processes.
Software Engineering Quality What is Quality? Quality software is software that satisfies a user’s requirements, whether that is explicit or implicit.
Slide 1V&V 10/2002 Software Quality Assurance Dr. Linda H. Rosenberg Assistant Director For Information Sciences Goddard Space Flight Center, NASA
12.1 Introduction Checklists are used as a technique to give status information in a formalized manner about all aspects of the test process. This chapter.
Chapter 9 Project Management. Introduction Effective project management requires a well-structured project and diligent oversight A well-structured project.
OHT 1.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 The uniqueness of software quality assurance The environments for which.
Search Engine Optimization © HiTech Institute. All rights reserved. Slide 1 What is Solution Assessment & Validation?
Level 1 Level 1 – Initial: The software process is characterized as ad hoc and occasionally even chaotic. Few processes are defined, and success depends.
Business Analysis. Business Analysis Concepts Enterprise Analysis ► Identify business opportunities ► Understand the business strategy ► Identify Business.
CSCE 201 Secure Software Development Best Practices.
HL7 Coordination of Care Services Project April 14 th, 2014.
These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 6/e and are provided with permission by.
Copyright © EWA IIT, Inc. June 17, 2002 © 2002  IIT, Inc. EWA Information & Infrastructure Technologies, Inc. 3 FOR OFFICIAL USE ONLY June 17, 2002 ©
Software Development Process CS 360 Lecture 3. Software Process The software process is a structured set of activities required to develop a software.
Project Management Strategies Hidden in the CMMI Rick Hefner, Northrop Grumman CMMI Technology Conference & User Group November.
What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.
Chapter 21: Evaluating Systems Dr. Wayne Summers Department of Computer Science Columbus State University
By Ramesh Mannava.  Overview  Introduction  10 secure software engineering topics  Agile development with security development activities  Conclusion.
Copyright 2015, Robert W. Hasker. Classic Model Gathering Requirements Specification Scenarios Sequences Design Architecture Class, state models Implementation.
Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.
 System Requirement Specification and System Planning.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
ISO17799 / BS ISO / BS Introduction Information security has always been a major challenge to most organizations. Computer infections.
Advanced Software Engineering Dr. Cheng
Security Development Lifecycle (SDL) Overview
CSCE 548 Secure Software Development Security Operations
Software Quality Control and Quality Assurance: Introduction
CSCE 548 Secure Software Development Risk-Based Security Testing
Lecture 0 Software Engineering Course Introduction
CS4311 Spring 2011 Process Improvement Dr
Lecture 15: Technical Metrics
TechStambha PMP Certification Training
CSE 403 Software Engineering
CSCE 548 Secure Software Development Test 1 Review
Software engineering.
CMMI – Staged Representation
Introduction to Software Testing
Charakteristiky kvality
JOINED AT THE HIP: DEVSECOPS AND CLOUD-BASED ASSETS
IS 2620: Developing Secure Systems
Cybersecurity Threat Assessment
Presentation transcript:

What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting from interactions with other systems   production deadlines   cost limitations _________   lack of basic security awareness   not aware of threats inherent to underlying technologies   unfamiliar with best mitigation practices

Software Assurance Responsibilities of the software engineer   minimize functional flaws   minimize development time and cost   maximize performance   maximize maintainability   maximize usability   maximize testability, portability, reusability   minimize security vulnerabilities

Software Engineering Where are the security breaches? Note that functional requirements define what the software is suppose to do.

How to be responsible (as a software engineer) Know your language! Know your environment! Follow sound software engineering habitually Follow sound security engineering habitually Test, test, test!   test for correctness (what it’s ___________)   test for security (what it’s ________________) Keep current with relevant attack methods

Software Engineering Crash Course What do we know about software engineering? There are many well defined lifecycle models. All lifecycle models have activities and processes in common. In general all of these models largely ignore security. What has been done to “build security in”? SSE-CMM Microsoft Trustworthy Computing Incremental Approach

SSE-CMM (ISO/IEC std) Systems Security Engineering Capability Maturity Model SSE-CMM (ISO/IEC std) Systems Security Engineering Capability Maturity Model buildsecurityin.us-cert.gov/bsi/articles/knowledge/sdlc/326-BSI.html Project and Organization ProcessSecurity Engineering Process  ensure quality  manage configuration  manage project risk  monitor & control technical effort  plan technical effort  define systems engineering process  manage product line evolution  manage support environment  provide ongoing knowledge  coordinate with suppliers Engineering Process  specify security needs  provide security input  monitor security posture  administer security control  coordinate security Assurance Process  verify and validate security  build assurance arguments Risk Process  assess threat  assess vulnerability  assess impact  assess risk

Microsoft Lifecycle Design PhaseDevelopment Phase Test Phase Maintenance Phase design complete test plans complete code complete ship ongoing activity security develop security tests security  raise awareness  find & fix vulnerabilities  eliminate bad habits security

Use a separate security team perform _____________ establish secure coding ________ ask security-related ________ Additional Thoughts (about the process) …and make them responsible. Secure Analysis observe secure design _________ Secure Design awareness of known attacks Secure Implementation no _____________ Secure Testing _____________tests reviews for secure design and coding principles track security bugs

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.