How we incorporated security when creating software within the security domain
Security is one of those oft-forgotten 'non-functional' requirements. It gets left until the end, or just neglected completely. But what if you are in the business of Security? Suddenly everyone else's non-functional becomes your functional, and thinking about it only at the end is not an option.
This is a talk about how we factored Security into our product development in the team I worked in at Avecto, an endpoint security software company, where the products we were developing were Security products. I'll talk about culture and mindset, as well as some of the practical things we did to ensure Security was at the heart of everything, including:
- Secure design
- Threat modelling
- Security testing throughout the development cycle
- Resources you can use to help you get started with security