SOFTWARE SECURITY,
SECURE SOFTWARE
DEVELOPMENT
in the age of IoT, Smart Things,
embedded applications
some news about software
security in 2015
Cyber-attacks against businesses ‘doubled in
2015’ by VentureBeat
Should Software Companies Be Legally Liable For
Security Breaches? by TechCrunch
'The IoT is the Internet of Easy Home Hacking'
by VentureBeat
Trends up to 2020
"Like the physical universe, the digital universe is large – by 2020
containing nearly as many digital bits as there are stars in the universe."
- Market Research EMC/IDC
"By 2020, 100 million light fixtures will be network controlled. At least as
many gaps to access sensitive customer data will emerge."
- Forbes and On World
25 billion networked devices by 2020
R&D activity in the chip industry
the hardware ecosystems
STM secure MCU line
The ST33TPM12LPC has received security certification based on
the certified TPM protection profile (Revision 116) with
Common Criteria Evaluation Assurance Level (EAL) 4+. This
ensures that the product totally meets TCG certification
requirements and is now listed as Certified TPM by the TCG
organization
STM's Kerkey: Security Module for
Smart metering system
- Protection profile for the Security Module of a Smart Meter
Gateway (Security Module PP)
- ECC support for NIST-P-256
- Digital signature generation and verification with ECDSA
- Key agreement with Diffie-Hellman (ECKA-ECDH) and El
Gamal (ECKA-EG)
- PACE with ECDH-GM-AES-CBC-CMAC-128 for secure
messaging
- On-chip ECC key pair generation
Embedded Security
Infineon Secure MCU line
Embedded security with Common Criteria certified
platforms OPTIGA™ Trust P – All-in-one device for
Authentication
IoT homepage
Infineon IoT landscape
Security matters: The IoT is built on many different
semiconductor technologies, including power management
devices, sensors and microprocessors. Performance and security
requirements vary considerably from one application to
another. One thing is constant, however. And that is the fact that
the success of smart homes, connected cars and Industrie 4.0
factories hinges on user confidence in robust, easy-to-use, fail-
safe security capabilities. The greater the volume of sensitive
data we transfer over the IoT, the greater the risk of data and
identity theft, device manipulation, data falsification, IP theft
and even server/network manipulation.
IoT security
secure software
development approach
webinar
Build Your Software Securely
It’s challenging to keep pace with the rapidly changing
development environment while ensuring security and
compliance requirements are not compromised.
The Ten Best Practices for Secure Software
Development
“In the 80’s we wired the world with cables and in the 90’s we
wired the world with computer networks. Today we are wiring
the world with applications (software).
Having a skilled professional capable of designing, developing
and deploying secure software is now critical to this evolving
world.”
Mark Curphey,
Director & Product Unit Manager, Microsoft Corporation,
read the blog
How to develop software the secure, Gary
McGraw way
Ensuring security in software, Gary McGraw has long argued,
means starting at the code level: That is, build security in from
the start. McGraw, chief technology officer at Cigital Inc. and
recognized as the industry's foremost software security expert,
has said that enterprises too often focus on repairing damage
post-breach and fixing bugs after launch. Instead, he argues,
greater attention to security in the earliest stages of software
development would greatly reduce the percentage of successful
attacks, and minimize damage when malicious hackers do
succeed.
Testing, Inspection and Certification
(TIC) industry role
- Common Criteria -
Why is CC recommended for developers?
1. Common Criteria is a standard for Information Technology
Security Evaluation which, true to its name, is commonly
accepted all over the world, in 25 countries.
2. The standard defines a construct of creating the system of the
product security, in an implementation-independent structure
called Protection Profile, or in an implementation-dependent
structure called Security Target, giving the possibility to create a
truly product-fitting security requirement construct.
3. The security requirements are set up in a system based on the
assets of the product, and the threats to be countered, taking into
consideration the security policies and assumptions, satisfying
the security objectives . . .
Learning the latest technology:
IoT, hardware security, software
security
IoT certification
Learn about IoT device, hardware security...
online courses
sw security
hw security product mgmt
External service providers in the value
chain: Providing Trust - Security
-----
intro DoSell solution providers
Software & IT Security Evaluation Services
A Common Criteria accredited laboratory offers consultancy and
evaluation services as a Certified Evaluation Facility.
• Card applets (ID cards, access cards, signature cards, etc.)
• Detection Devices and Systems (Log analysers, Vulnerability
managers, etc.)
• Data Protection Software (Backup solutions, Cryptographic
solutions, etc.)
• Access control systems (Access analysers, Authentication systems,
Policy managers, etc.)
• Boundary Protection Systems (Software firewalls, Secure messaging
platforms, etc.)
• Other systems (Mobile computing, RFID systems, IoT, embedded
application, Smart metering, etc.)
Secure Software Development HUB
Back-end architecture development: Java EE - OSGi, node.js
Enterprise Architecture Development end-to-end
Large scale CMS, E-commerce system development
RAD technology (framework)
Rapid application development: Angular JS
In-depth cryptography and software security solutions
for Start-up: up to MVP end to end product design, management
Scrum Project management, and Business Analyst service
Scrum teams outsourcing
CONTACT US
TIBOR.ZAHORECZ@DOSELL.IO

HR Software Buyers Guide in 2024 - HRSoftware.com
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 

Software security, secure software development in the age of IoT, smart things, embedded applications

  • 1. SOFTWARE SECURITY, SECURE SOFTWARE DEVELOPMENT in the age of IoT, Smart Things, embedded applications
  • 2. some news about software security in 2015
  • 3. Cyber-attacks against businesses ‘doubled in 2015’ (venturebeat); Should Software Companies Be Legally Liable For Security Breaches? (techcrunch); 'The IoT is the Internet of Easy Home Hacking' (venturebeat)
  • 6. „Like the physical universe, the digital universe is large – by 2020 containing nearly as many digital bits as there are stars in the universe.“ (Market Research EMC/IDC). „By 2020, 100 million light fixtures will be network controlled. At least as many gaps to access sensitive customer data will emerge.“ (Forbes and On World). 25 billion networked devices by 2020.
  • 8. R&D activity in the chip industry: the hardware ecosystems
  • 9. STM secure MCU line: The ST33TPM12LPC has received security certification based on the certified TPM protection profile (Revision 116) with Common Criteria Evaluation Assurance Level (EAL) 4+. This ensures that the product totally meets TCG certification requirements and is now listed as Certified TPM by the TCG organization.
  • 10. STM's Kerkey: Security Module for Smartmetering system - Protection profile for the Security Module of a Smart Meter Gateway (Security Module PP) - ECC support for NIST-P-256 - Digital signature generation and verification with ECDSA - Key agreement with Diffie-Hellman (ECKA-ECDH) and El Gamal (ECKA-EG) - PACE with ECDH-GM-AES-CBC-CMAC-128 for secure messaging - On-chip ECC key pair generation
  • 11. Embedded Security: Infineon Secure MCU line. Embedded security with Common Criteria certified platforms. OPTIGA™ Trust P – All-in-one device for Authentication
  • 12. Infineon IoT landscape. Security matters: The IoT is built on many different semiconductor technologies, including power management devices, sensors and microprocessors. Performance and security requirements vary considerably from one application to another. One thing is constant, however. And that is the fact that the success of smart homes, connected cars and Industrie 4.0 factories hinges on user confidence in robust, easy-to-use, fail-safe security capabilities. The greater the volume of sensitive data we transfer over the IoT, the greater the risk of data and identity theft, device manipulation, data falsification, IP theft and even server/network manipulation.
  • 14. Webinar: Build Your Software Securely. It’s challenging to keep pace with the rapidly changing development environment while ensuring security and compliance requirements are not compromised.
  • 15. The Ten Best Practices for Secure Software Development: “In the 80’s we wired the world with cables and in the 90’s we wired the world with computer networks. Today we are wiring the world with applications (software). Having a skilled professional capable of designing, developing and deploying secure software is now critical to this evolving world.” Mark Curphey, Director & Product Unit Manager, Microsoft Corporation
  • 16. How to develop software the secure, Gary McGraw way: Ensuring security in software, Gary McGraw has long argued, means starting at the code level: That is, build security in from the start. McGraw, chief technology officer at Cigital Inc. and recognized as the industry's foremost software security expert, has said that enterprises too often focus on repairing damage post-breach and fixing bugs after launch. Instead, he argues, greater attention to security in the earliest stages of software development would greatly reduce the percentage of successful attacks, and minimize damage when malicious hackers do succeed.
  • 17. Testing, Inspection and Certification (TIC) industry role - Common Criteria -
  • 18. Why is CC recommended for developers? 1. Common Criteria is a standard about Information Technology Security Evaluation which is, true to its name, commonly accepted all over the world, in 25 countries. 2. The standard defines a construct for creating the system of the product security, in an implementation-independent structure called Protection Profile, or in an implementation-dependent structure called Security Target, giving the possibility to create a truly product-fitting security requirement construct. 3. The security requirements are set up in a system based on the assets of the product, and the threats to be countered, taking into consideration the security policies and assumptions, satisfying the security objectives . . .
  • 19. Learning the latest technology: IoT, hardware security, software security
  • 20. IoT certification Learn about IoT device, hardware security... online courses sw security hw security product mgmt
  • 21. External service providers in the value chain: Providing Trust - Security. DoSell solution providers
  • 22. Software & IT Security Evaluation Services: Common Criteria accredited laboratory offers consultancy, evaluation services, as a Certified Evaluation Facility. • Card applets (ID cards, access cards, signature cards, etc.) • Detection Devices and Systems (Log analysers, Vulnerability managers, etc.) • Data Protection Software (Backup solutions, Cryptographic solutions, etc.) • Access control systems (Access analysers, Authentication systems, Policy managers, etc.) • Boundary Protection Systems (Software firewalls, Secure messaging platforms, etc.) • Other systems (Mobile computing, RFID systems, IoT, embedded application, Smart metering etc.)
  • 23. Secure Software Development HUB: Back-end architecture development: Java EE - OSGi, node.js Enterprise Architecture Development end-to-end Large scale CMS, E-commerce system development RAD technology (framework) Rapid application development: Angular JS In-depth cryptography and software security solutions for Start-up: up to MVP end to end product design, management Scrum Project management, and Business Analyst service Scrum teams outsourcing