Implementing SDL and Surviving

Presented by

Michael F. Angelo, Chief Security Architect, Micro Focus Corporation

About this talk

While a secure development lifecycle (SDLC) is centered around education, it goes much beyond the simple ‘how to program securely’ to include: -Training, including an overview of the process -Threat modeling, including both deployment and functionality -Secure coding standards and reviews -Testing / analysis such as static, dynamic, fuzz and penetration testing -Supply chain security / monitoring that incorporates component tracking and build/development environment security -Incident response to improve reaction times This session will conclude with a discussion on how to measure your SDLC capability and maturity. As we delve into each of these areas, the attendee will gain insights into what is now required to be successful with an SDLC. Learning objectives: 1. Discover the elements and definitions of the currently evolved secure development lifecycle (SDLC) you need to succeed. 2. Understand how to track the evolving SDLC, since a static one often spells doom. 3. Be introduced to usage and deployment models to determine threats and mitigate them appropriately during the development process.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (107)
Subscribers (21188)
(ISC)² Security Congress channel contains digital content of activities at (ISC)2's Flagship conference event. You'll find keynotes, sessions and related items.