Overview
Learn how to build an in-house Secure Software Development Life Cycle (SDLC) program in this conference talk from BSides Philly 2016. Explore the building blocks of a secure SDLC, understand the importance of safe libraries, and discover how to integrate security into the development and testing processes. Gain insights on adding value through security measures, implementing Microsoft's Secure Development Lifecycle, and fostering dialogue between security and development teams. Examine practical examples, such as using Burp for security testing, and learn about effective reporting methods, security tools, and build pipeline integration. Discover techniques for measuring success, charting security bugs, and determining program maturity to enhance your organization's software security practices.
Syllabus
Intro
Questions
About Tony
Today's topic
Building blocks
Why
Development
Testing
Adding Value
Microsoft Secure Development Lifecycle Diagram
Why do you need to know this
What are safe libraries
Remediation team
Dialogue with security teams
Burp example
Recommendations
Reporting
Security tools
Build pipeline
Measuring success
Charting security bugs
Determining program maturity
Closing thoughts