Security At The Speed of Innovation - Marudhamaran Gunasekaran

•

0 j'aime•85 vues

What is security? Why security is so important for web applications? What are the benefits of having focus on security aspects of web applications? What is information security? How to keep security at pace with innovation?

Logiciels

SECURITY AT THE SPEED OF
INNOVATION
Marudhamaran Gunasekaran
Scrum Gurgoan, Gurgoan, 15 July 2017

What the PII?
Do you
process?
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf
First name? Last name?

Who is going to
hack me?Do hackers always carefully select a target
and hit them with a zero day attack?

Who is going to
hack me?
They might get lucky

Developers think their applications are intrinsically secure
Nobody is going to hack my website
Who is going to
hack me?

Network Security
Patch management, Network segregation, System level security,
Software and Hardware Asset management, …

Software Security is about defensive
programming

Extortion and Ransom? But we have antivirus

Let’s buy an
Application
Security Scanner

Developers don’t understand the reports and
scanner output, how to manage the
vulnerabilities?

False alarms aren’t the only issue, real
vulnerabilities may get missed as well
True? / False?
A Vulnerability Management Nightmare

Every Software is different and complex
in its own way

Security Bug vs Security flaw?
Technical errors vs Logical flaws

Can automation
solve Software Security problems?
Or
How much software security problems does
automation solve?

Increase in pace of delivery 4 weeks to 2 weeks
to 1 week to 300 pushes to Production a day

DevOps, Infrastructure as Code, Virtualization
& Containers  More automation can be good

Faster pace of delivery calls for a Practical Risk
Management for Software Development

Continuous Software Security Platform
Continuous Security at SDLC and Delivery *
Practice and Knowledge Assessment *
Hack Yourself First Training *
Coach the Coders to Secure on the job *
Secure Code
Review *
Penetration
Testing *
Environment
Scans *Biweekly
reporting *
Automation
and Tuning *
People Practices Tools

Continuous Software Security Maturity
Model

All of us have a part to play
- Program Managers
- Developers
- Security Professionals
- Executives
- Quality Assurance Professionals
Takeaway #1

Automation and tools do help, use it where it matters
Only humans can:
- Integrate security automation in to the Software Development
process
- Can sift through automation results and prioritize accordingly
- Understand the limits of automation tools and employ
intelligence
- Help you develop correct software security program based on
experience and context of business
Takeaway #2

Build Security-In the software itself rather than bolting on after the
software is done
Takeaway #3

Vraagen?
Dankje wel!
Screen recording of this presentation at
https://vimeo.com/gmaran23/securityatthespeedofinnovation

Recommandé

Uncover threats and protect your organizationRapidSSLOnline.com

How to make Android apps secure: dos and don’tsNowSecure

Five mobile security challenges facing the enterpriseNowSecure

The fundamentals of Android and iOS app securityNowSecure

Venkasure Total Security + Presentationvenkasureantivirus

Preparing for the inevitable: The mobile incident response playbookNowSecure

Antivirus support Peter james

Shifting left: Continuous testing for better app quality and securityNowSecure

Recommandé

Uncover threats and protect your organizationRapidSSLOnline.com

How to make Android apps secure: dos and don’tsNowSecure

Five mobile security challenges facing the enterpriseNowSecure

The fundamentals of Android and iOS app securityNowSecure

Venkasure Total Security + Presentationvenkasureantivirus

Preparing for the inevitable: The mobile incident response playbookNowSecure

Antivirus support Peter james

Shifting left: Continuous testing for better app quality and securityNowSecure

iOS and Android security: Differences you need to knowNowSecure

It's not about you: Mobile security in 2016NowSecure

Web application security measuresICT Frame Magazine Pvt. Ltd.

Efficacy Of Layered Application Security Through The Lens Of HackerPriyanka Aash

Smartphone Security Guide: The Easiest Way to Keep Your Phone & Data SecureHeimdal Security

Information Security Life Cyclevulsec123

How to scale mobile application security testingNowSecure

Security Presenatation for Onforce Pro Town HallBev Robb

Accessibility Clickjacking, Devastating Android Vulnerability Skycure

SeceonCompanySeceon

Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure

Network security presentationhamzakareem2

OWASP Mobile Top 10NowSecure

Hacker Tricks: How You Can Protect YourselfSwiftTech Solutions, Inc.

Cyber Security Tricks One Should Knowtechexpert2345

mspyfodotumo

The Safest Way To Interact Onlinepcsafe

Why do you need the advanced protection of the Internet Security Product / Ma...Andrew Clark

Safeguard your enterprise against ransomwareQuick Heal Technologies Ltd.

Security engineering 101 when good design & security work togetherWendy Knox Everette

Security is our duty and we shall deliver it - White PaperMohd Anwar Jamal Faiz

smpefrsharmam

Contenu connexe

Tendances

iOS and Android security: Differences you need to knowNowSecure

It's not about you: Mobile security in 2016NowSecure

Web application security measuresICT Frame Magazine Pvt. Ltd.

Efficacy Of Layered Application Security Through The Lens Of HackerPriyanka Aash

Smartphone Security Guide: The Easiest Way to Keep Your Phone & Data SecureHeimdal Security

Information Security Life Cyclevulsec123

How to scale mobile application security testingNowSecure

Security Presenatation for Onforce Pro Town HallBev Robb

Accessibility Clickjacking, Devastating Android Vulnerability Skycure

SeceonCompanySeceon

Mobile Penetration Testing: Episode II - Attack of the CodeNowSecure

Network security presentationhamzakareem2

OWASP Mobile Top 10NowSecure

Hacker Tricks: How You Can Protect YourselfSwiftTech Solutions, Inc.

Cyber Security Tricks One Should Knowtechexpert2345

mspyfodotumo

The Safest Way To Interact Onlinepcsafe

Why do you need the advanced protection of the Internet Security Product / Ma...Andrew Clark

Safeguard your enterprise against ransomwareQuick Heal Technologies Ltd.

Tendances (19)

iOS and Android security: Differences you need to know

It's not about you: Mobile security in 2016

Web application security measures

Efficacy Of Layered Application Security Through The Lens Of Hacker

Smartphone Security Guide: The Easiest Way to Keep Your Phone & Data Secure

Information Security Life Cycle

How to scale mobile application security testing

Security Presenatation for Onforce Pro Town Hall

Accessibility Clickjacking, Devastating Android Vulnerability

Seceon

Mobile Penetration Testing: Episode II - Attack of the Code

Network security presentation

OWASP Mobile Top 10

Hacker Tricks: How You Can Protect Yourself

Cyber Security Tricks One Should Know

mspy

The Safest Way To Interact Online

Why do you need the advanced protection of the Internet Security Product / Ma...

Safeguard your enterprise against ransomware

Similaire à Security At The Speed of Innovation - Marudhamaran Gunasekaran

Security engineering 101 when good design & security work togetherWendy Knox Everette

Security is our duty and we shall deliver it - White PaperMohd Anwar Jamal Faiz

smpefrsharmam

10 Best DevSecOps Tools for 2023SofiaCarter4

How to Become a Cyber Security Specialist.docEmmanuelDaniel41

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare ☁

Importance of Secure Coding with it’s Best PracticesElanusTechnologies

From Code to Customer: How to Make Software Products SecureKaspersky

Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78

How to Become a Cyber Security Analyst in 2021..Sprintzeal

Security overview 2CMR WORLD TECH

Advantages and Disadvantages of Network Security.pdfCareerera

CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSSprintzeal

Create a software key logger GiralFaurel

Software risk managementJose Javier M

Information security software security presentation.pptxsalutiontechnology

SPI Dynamics web application security 101 Wade Malone

Security practices in game design and developmentNarola Infotech

Similaire à Security At The Speed of Innovation - Marudhamaran Gunasekaran (20)

Security engineering 101 when good design & security work together

Security is our duty and we shall deliver it - White Paper

smpef

10 Best DevSecOps Tools for 2023

How to Become a Cyber Security Specialist.doc

Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...

Importance of Secure Coding with it’s Best Practices

From Code to Customer: How to Make Software Products Secure

Project Quality-SIPOCSelect a process of your choice and creat.docx

How to Become a Cyber Security Analyst in 2021..

Security overview 2

Advantages and Disadvantages of Network Security.pdf

CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS

Create a software key logger

Software risk management

Information security software security presentation.pptx

SPI Dynamics web application security 101

Security practices in game design and development

Plus de Piyush Rahate

The dysfunctions of a scrum teamPiyush Rahate

Spice up your retrospectivesPiyush Rahate

Integration testing - Yasub HashmiPiyush Rahate

Agile testing - Madhu KrishnappaPiyush Rahate

Product owner and anti patternsPiyush Rahate

Death of a coderPiyush Rahate

BeliefPiyush Rahate

Agile Biology Piyush Rahate

Birth of a developerPiyush Rahate

Roadblocks on performance highwayPiyush Rahate

Agile doing beingPiyush Rahate

Plus de Piyush Rahate (11)

The dysfunctions of a scrum team

Spice up your retrospectives

Integration testing - Yasub Hashmi

Agile testing - Madhu Krishnappa

Product owner and anti patterns

Death of a coder

Belief

Agile Biology

Birth of a developer

Roadblocks on performance highway

Agile doing being

Dernier

%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...masabamasaba

Artyushina_Guest lecture_YorkU CS May 2024.pptxAnnaArtyushina1

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit

tonesoftglanshi9

WSO2CON 2024 - How to Run a Security ProgramWSO2

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2

%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver

WSO2CON 2024 - Does Open Source Still Matter?WSO2

WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2

AI & Machine Learning Presentation TemplatePresentation.STUDIO

WSO2CON2024 - It's time to go PlatformlessWSO2

WSO2Con204 - Hard Rock Presentation - KeynoteWSO2

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba

Direct Style Effect Systems -The Print[A] Example- A Comprehension AidPhilip Schwarz

Dernier (20)

%in Midrand+277-882-255-28 abortion pills for sale in midrand

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

Artyushina_Guest lecture_YorkU CS May 2024.pptx

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...

tonesoftg

WSO2CON 2024 - How to Run a Security Program

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...

%in Soweto+277-882-255-28 abortion pills for sale in soweto

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

WSO2CON 2024 - Does Open Source Still Matter?

WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...

AI & Machine Learning Presentation Template

WSO2CON2024 - It's time to go Platformless

WSO2Con204 - Hard Rock Presentation - Keynote

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Security At The Speed of Innovation - Marudhamaran Gunasekaran

1. SECURITY AT THE SPEED OF INNOVATION Marudhamaran Gunasekaran Scrum Gurgoan, Gurgoan, 15 July 2017

2. WEB BASED SOFTWARE?

3. BENEFITS OF SECURITY?

9. SECURITY MYTHS

10. What the PII? Do you process? http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2007/wp136_en.pdf First name? Last name?

11. Who is going to hack me?Do hackers always carefully select a target and hit them with a zero day attack?

12. Who is going to hack me? They might get lucky

13. Developers think their applications are intrinsically secure Nobody is going to hack my website Who is going to hack me?

14.

15.

16.

17. Network Security Patch management, Network segregation, System level security, Software and Hardware Asset management, …

18. Software Security is about defensive programming

19. Extortion and Ransom? But we have antivirus

20. Someone wants to help you

21. Do they really want to help?

22. All they want is ransom

23. Let’s buy an Application Security Scanner

24. Developers don’t understand the reports and scanner output, how to manage the vulnerabilities?

25.

26. False alarms aren’t the only issue, real vulnerabilities may get missed as well True? / False? A Vulnerability Management Nightmare

27. Every Software is different and complex in its own way

28. Security Bug vs Security flaw? Technical errors vs Logical flaws

29. Can automation solve Software Security problems? Or How much software security problems does automation solve?

30. Increase in pace of delivery 4 weeks to 2 weeks to 1 week to 300 pushes to Production a day

31. DevOps, Infrastructure as Code, Virtualization & Containers  More automation can be good

32. Faster pace of delivery calls for a Practical Risk Management for Software Development

33. Continuous Software Security Platform Continuous Security at SDLC and Delivery * Practice and Knowledge Assessment * Hack Yourself First Training * Coach the Coders to Secure on the job * Secure Code Review * Penetration Testing * Environment Scans *Biweekly reporting * Automation and Tuning * People Practices Tools

34. Software Security Focus Areas

35. Continuous Software Security Maturity Model

36. All of us have a part to play - Program Managers - Developers - Security Professionals - Executives - Quality Assurance Professionals Takeaway #1

37. Automation and tools do help, use it where it matters Only humans can: - Integrate security automation in to the Software Development process - Can sift through automation results and prioritize accordingly - Understand the limits of automation tools and employ intelligence - Help you develop correct software security program based on experience and context of business Takeaway #2

38. Build Security-In the software itself rather than bolting on after the software is done Takeaway #3

39. Vraagen? Dankje wel! Screen recording of this presentation at https://vimeo.com/gmaran23/securityatthespeedofinnovation