Scribd Logo
Upload

Welcome to Scribd!

  • Security Strategies in Windows Platforms and Applications

    Uploaded by

    Shreya Kasturia
    29 views15 pages
    a

    Original Title

    winsec_ppt15_l14

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    a

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    29 views15 pages

    Security Strategies in Windows Platforms and Applications

    Uploaded by

    Shreya Kasturia
    a

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 15

    Security Strategies in Windows

    Platforms and Applications

    Lesson 14
    Microsoft Windows and the
    Security Life Cycle

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    www.jblearning.com
    All rights reserved.
    Learning Objective and Key
    Concepts
    Learning Objective
     Include security concerns as early as possible in the
    software development process.

    Key Concepts
     Trends in software change management
     Windows system and application security
    management
     The application security life cycle

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 2
    All rights reserved.
    Secure Software Development
    Strategies
    Software Development Life Cycle – SDLC

    Agile Development

    Security Development Lifecycle – SDL

    Building Security in Maturity Model – BSIMM

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 3
    All rights reserved.
    An SDLC with 10 Phases

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 4
    All rights reserved.
    SDLC
    Initiate

    Dispose Define

    Operate Design

    Roll out Build

    Test

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 5
    All rights reserved.
    Agile Development Cycle

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 6
    All rights reserved.
    Microsoft Software Development
    Lifecycle
    Training
    Response
    Requirement
    s

    Release

    Design

    Verification
    Implementati
    on

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 7
    All rights reserved.
    The Software Security
    Framework (SSF)

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 8
    All rights reserved.
    Testing
     The purpose of formal testing is to evaluate how
    well your application meets overall performance,
    functionality, and security goals.
     Every goal from the original specification should
    have at least one corresponding testing scenario.
     The testing scenario evaluates whether the
    application satisfies the goal.
     Testing activities can be manual or and
    automated.

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 9
    All rights reserved.
    Secure Software Development

     Fewer defects
    • Fewer vulnerabilities
     Proper training is crucial
    • Development
    • Testing

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 10
    All rights reserved.
    Secure Software Development
    (Continued)

     Security starts with requirements and


    design
    • Too many applications added delay security
    • Rework is always more expensive

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 11
    All rights reserved.
    Application Software Development/
    Revision
    Software
    Software
    Configuration
    Development Software Control
    Management
    Areas of Difficulty
    (SCM)
    Phase Baseline Configuration
    Identification Identification Identification

    Configuration
    Change Control
    Control
    Phase Transition
    Configuration
    Communication
    Auditing
    Activity Repeatable Configuration
    Coordination Processes Status Accounting

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 12
    All rights reserved.
    Best Practices
     Think of security early and often.
     Adopt a software development model to help
    define your organization’s development activities
    and flow.
     Define activities for each phase in your model.
     Ensure all developers are trained to develop
    secure applications.
     Look for developer training.
     Validate your software product at the end of every
    phase.
    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 13
    All rights reserved.
    Best Practices (Cont.)
     Create separate software projects for each
    related group of programs or program changes.
     Do not begin a software development project by
    writing code—plan and design first.
     Keep the three SDL core concepts in focus—
    education, continuous improvement, and
    accountability.
     Develop tests to ensure each component of your
    application meets security requirements.

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 14
    All rights reserved.
    Summary
     Software development and its strategies
     Process of developing secure software
     Key roles in software change management
     Questions and answers on emerging
    trends

    © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company


    Security Strategies in Windows Platforms and Applications www.jblearning.com Page 15
    All rights reserved.

    You might also like