Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Integrating security into an existing agile SDLC
Search
Laura Bell
September 12, 2014
Technology
170
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Integrating security into an existing agile SDLC
Laura Bell
September 12, 2014
More Decks by Laura Bell
See All by Laura Bell
DIY security for the amateur superhero
ladynerd
0
300
Hackcon 11 - Protecting our people
ladynerd
0
260
Security in a container based world
ladynerd
0
170
Securing Microservice Architectures
ladynerd
2
370
Better Connected
ladynerd
0
84
Continuous Security
ladynerd
3
1.2k
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.8k
Blindsided by security
ladynerd
0
150
Practical tools for privacy audit
ladynerd
0
230
Other Decks in Technology
See All in Technology
Claude Code 珍プレー好プレー
shinyasaita
0
330
大量データに対しても、生成AIを用いてリーズナブルにデータ加工をしたい!Databricksのai_queryについて調べてみた
kamoshika
1
120
GuardrailからGovernanceへ~AIエージェント運用の次の課題~
sbspsy
2
270
Empower GenAI with Agile - あなたのアジャイルが生成AIのバフになる仕組み
hageyahhoo
1
180
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
110k
世界、断片、モデル。そして理解
ardbeg1958
1
110
ソニー銀行におけるビジネスアジリティ向上のためのクラウドシフト戦略
srenext
0
190
ポストモーテム! DDoSからサイトは守れた。 でもビジネスは守れなかった。
bengo4com
0
2.9k
依頼文化をやめる日 EM視点で語るPlatform EngineeringとInclusive SRE / Discussing Platform Engineering and Inclusive SRE from an EM's Perspective
shin1988
4
5.3k
Foxgloveについて 実際にExtensionを開発して公開するまでの話 / About Foxglove: The Story of Developing and Releasing an Extension
ry0_ka
0
210
cccccc
moznion
0
1.9k
kintone の AI コワーカーを、 Anthropic にエージェントを"ホストさせて"作った話 #devkinmeetup
sugimomoto
0
100
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.3k
Digital Ethics as a Driver of Design Innovation
axbom
PRO
1
340
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.8k
Getting science done with accelerated Python computing platforms
jacobtomlinson
2
260
What does AI have to do with Human Rights?
axbom
PRO
1
2.2k
Un-Boring Meetings
codingconduct
0
340
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4.3k
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.4k
Rails Girls Zürich Keynote
gr2m
96
14k
Google's AI Overviews - The New Search
badams
0
1.1k
How to make the Groovebox
asonas
2
2.3k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.4k
Transcript
ARC208
once upon a time design code stuff ideas test deploy
security was all about gates design code stuff idea test
deploy
and goodness do we love gates design code stuff idea
test deploy Initial Risk Assessment Design Review Code and Implementation Review Penetration Testing
same thing, just more frequently?
None
Why don’t you do security?
we can make you look good Proactive security engagement increases:
Preparedness Credibility Market awareness Strategic thinking
So what does agile security need to be 1. Able
to empower developers 2. Cost effective 3. Pragmatic and flexible 4. Easy to integrate with existing workflows 5. Scalable
common misconceptions
avoidance != management
too little to fail (at security)
the sky is not always falling* *except when it is
(then you should really do something about it)
agility increases risk
Ten steps to a better, stronger and more secure you
regardless of budget, organisation size or how cool you are
1. know your stack Languages Libraries Operating Systems Applications Third
Party Services
2. learn to add, adapt and abandon
3. create a simple risk taxonomy Critical High Medium Low
Informational False Positive
4. understand your security and technical debt it’s natural and
awesome but you can’t run from it forever
5. bring security into your requirements “engage security early and
often and be sure to have it included in your definition of done”
6. prepare for the worst Monitoring Analysis Understanding Response Feedback
7. build an empire one developer at a time
8. design your workflows “the best technical people I know
work really hard to make themselves redundant. “
fails
10. outsource smartly “if you are going to spend the
money, research your options, scope well and be demanding”
common challenges and how to conquer, obliterate or otherwise win
compliance is a priority “nothing is more fatal to a
new business than the fines for non-compliance”
maintain momentum “more secure today than yesterday”
use your words No Simple way to remove risk Must
be logically applied and justified Does not remove the original need or objective Yes Scary for security people Accepts risks and understands them Enables innovation Encourage safe usage
None
Ready to get started? …take a deep breath
None
None