Post on 14-Jan-2016
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation, http://www.owasp.org
OWASP Nederland
Implementation of Security by Design
Martin Knobloch
Sogeti Nederland B.V.
martin.knobloch@sogeti.nl
+31-(0)6 52 32 76 79
2007-01-11
Presentation Objectives
What is…?
Awareness!
Task Force!
Join Forces!
Education!
Get known!
Finish line?
What is…?
Security by Design
A Secure Application
What is… Security by Design?
Secure Software Development Initiative
Applications designed to be secure
Design how to develop secure applications
Everything about designing, developing, testing and implementing secure applications!
What is… A Secure Application?
How to design and develop a secure application?
How secure does an application have to be?
How to prove the application meets the customer's expectations and security needs?
50 current OWASP Projects
6 Release Quality Projects
15 Beta Status Projects
15 Alpha Status Projects
What is…?
Secure Development Life Cycle
What is… A Secure Application?
An application is secure if the application behaves as expected at all times!
Awareness!
Who? Why? How?
Awareness!
Who?
Colleagues
  Development Staff: Architects / Designers, Developers, Testers
  Sales / Business Management
Customer
  Architects, Administrators, Users
…each and everyone!
Awareness!
Why?
Colleagues
  Development Staff
  Sales / Business Management
Customer
  Architects, Administrators, Users
Awareness!
How?
By recognition of their interests, understanding and knowledge of security!
Communicate on the level of their knowledge
Communicate in the scope of their understanding
Communicate in the context of their interests
Awareness!
Task Force!
It’s not a one-man-show
Task Force!
It’s not a one-man-show
Java, Microsoft, Oracle, SAP, CMS, C++, Uniface, PHP, …
Software Control
Task Force!
Proactive Security Strategy (PaSS)
Join Forces!
Who else is busy with security?
Join Forces!
Business Process
Networking
System Administration
Application Administration
Join Forces!
Company wide security initiatives
Educate!
Education
Certification
Educate!
Presentations, Courses, Technical meetings
To create awareness!
About Security Threats
About Security Standards
About Best Practices
About Standards
About …
Educate!
Certifications: Get certified
CISSP, Symantec SCSP, MCSE, Cisco, ISS, RSA
» OWASP Top Ten certification?!
Get known!
Make yourself heard!
Get known!
Write! Papers, Newsletters, Blogs
Talk! Presentations, Meetings, Lunch
Bother! Whenever there is a change!
Get known!
Make yourself notorious!
Finish line?
When is the job done?
Finish line?
When is the job done?
…NEVER!