|When:||Thu AM-1, PM-1|
|Participants||Adrian Winckles Adrian Winckles , Felipe Zipitria Felipe Zipitria , Francisco Novo Francisco Novo , Rafael Jimenez Rafael Jimenez , Simon Pavillon Simon Pavillon|
Most of today´s application security problems can be traced to flaws in the code. It does not matter whether security issues affect operating system components, client applications, web applications, or other systems, most well-known vulnerabilities are caused by coding errors and implementation issues.
The question here is why so many bugs and coding errors continue to cause major security issues when we have had years to deal with these and other common vulnerabilities that are still found in applications today.
The best way to make security ‘just happen’ is to integrate it within the normal SDL (Software Development Lifecycle) practices. Security teams can focus on confidentiality and integrity of data which often requires development teams to slow down and assess code differently. Similarly, businesses want developers to write and revise code faster than ever, which often results in the developers focusing on what works best instead of on what is secure.
- How Microsoft adapted its SDLC after a large number of vulnerabilities was found between 1999 and 2003?
- SDLC in Agile?
- Policies and Procedures (SANSA by SANS)
- Bringing it all together
The goal of this Working Session is to
- Identify common areas where security and development can work together to make improvements.
- Document identified areas like culture, automation, measurement and sharing in OWASP wiki page.
The target audience for this Working Session is:
- Security professionals
- Security champions
Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions):
Previous Summit Working Session
Register as participant
To register as participant add
Integrating Security Tools in the SDL to either:
sessionsmetadata field from your participant's page (find your participant page and look for the edit link).
- or the
participantsmetadata field from this git session page
Back to list of all Working Sessions