Secure Design as Key Process for Software Development

The challenges of information security have been part of software development for decades. They were even present before the Internet was widely available. In essence the ever changing zoo of tools, programming languages, plugins, platforms, and development methods lead to development cycles that are different for every company. When it comes to security there is the ever present "secure coding skill" that is retrofitted to all code and development processes. The idea is to detect and remove any bugs with critical impact for IT security. This is the theory. In reality secure coding is nothing more than an adhesive plaster. IT security must be an integral part of code, and this needs to be implemented by secure design right from the start.

Nutzen für den Teilnehmer:
Useful information for development process and code review.
Strategy for introducing secure design concepts in new or existing products.
Ways of detecting and eliminating insecure design steps in the development process.

Behandelte Problemstellungen:
Illustrating the difference between secure coding and secure design. Explaining the role of architectural decision in software development.

How security requirements can be implemented into a software development process.

Showing the consequences of security decisions in widely available software products.

Vorgetragen von: René Pfeiffer
Unternehmen: SEC4YOU Advanced IT-Audit Services GmbH

Vortragssprache: Englisch
Level: Fortgeschrittene
Zielgruppe: Developer, project manager, software quality specialist, IT architect, auditor

Partner 2018