https://bit.ly/2OH0FV3 Staffcop secret sale page.
Handling of Security Requirements in Software Development Lifecycle The bigger the company you're working in, the more technologies and methodologies used by development teams you are going to face. At the same time, you want to address security risks in an appropriate, reliable and traceable way for all of them. After a short introduction of a unified process for handling security requirements in a large company, the main part of the talk is going to focus on a tool called SecurityRAT which we developed in order to support and accelerate this process. The goal of the tool is first to provide a list of relevant security requirements according to properties of the developed software (e.g. type of software, criticality), and afterwards to handle these in a mostly automated way - integration with an issue tracker being used as a core feature. Work in progress (currently targeting mainly integration to other systems, automated testing of requirements and reporting) as well as future plans will form the last part of the talk. Speakers Daniel Kefer Head of Application Security, 1&1 Mail & Media Development & Techhnology GmbH Daniel Kefer has been working in the application security field since 2007. Having started as a penetration tester, he soon became passionate about proactive security efforts and working closely with developers. Rene Reuter IT Security Consultant, Robert Bosch GmbH René Reuter is a security engineer with over 6 years of experience in the application security field. At Robert Bosch GmbH, he works as an IT Security Consultant responsible for identifying vulnerabilities and design flaws that may impact Robert Boschs' applications. - Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project
Niciun comentariu:
Trimiteți un comentariu