Explore the shift from secure coding to secure development in this NDC Sydney 2022 conference talk. Discover why focusing solely on secure code is insufficient and learn practical actions to implement throughout the entire software development lifecycle. Examine the limitations of current practices and language surrounding application security. Gain insights into designing secure systems, threat modeling, and implementing security measures from initial ideas to ongoing maintenance. Learn about tools like Trufflehog and GitHub Actions for enhancing security practices. Understand the importance of ecosystem security, dependency management, and comprehensive testing strategies. Participate in hands-on exercises and receive actionable steps to improve your team's approach to secure development. Embrace a holistic view of security that extends beyond code to protect data, systems, and people effectively.
So Long Secure Coding - Hello Secure Development
Overview
Syllabus
Introduction
How do I code securely
Design
Security Architect
Architecture
Bear analogy
Bear traps
Zero trust
Controls
Threat Modelling Cookbook
Threat Modelling Manifesto
Homework
OS Top 10
Anvanka
Todays practical
Ecosystems
GitHub
Checklist
Dependencies
Testing
Test Coverage
Explore
Vulnerability scanning
Security testing tools
Action for you
Deploy
Demo
Mac
Trufflehog
GitHub Action
Workflows
Truffle Hog
Vaults
Same Graph
Precommit hook
Scan output
GitHub actions
Instant response plan
Basic instant response plan
Team exercise
Action
Code Centric
Find Solutions
Questions
Taught by
NDC Conferences
