Nicolas Guini, McAfee
Andres More, McAfee
Every day, we can find new software security issues, exploits and new ways to misuse the software to do things never before thought. Security criminals look every day at the software we produce and try to find a simple breach to exploit it and gain control to use it as they wish.
Many times the security tests are not taken into account because it is difficult to see results, it is difficult to implement or it costs time and money. But, when crackers find security flaws in our software, we regret the decisions made previously and we wish to have checked again with a security perspective what we do.
For that reason, it is important to add controls and security checks in our development process. The application of the Secure Development Process (SDL) added to a Security Maturity Model (SMM) helps our development teams find security infractions in the early stages before the software comes out into the open.
The purpose of this talk is to review an introduction to the life cycle of secure development and how it can be improved by verifying it with a measure of the security maturity model. We will present how this process helped to find security problems in a new feature development. And a practical application on how security tests can be automated making this process faster and easier for development teams.