Security in Security

30-minute New Voice Talk

How we incorporated security when creating software within the security domain

Timetable

11:10 a.m. – 11:40 a.m. Thursday 15th

Room

Room F1 - Track 1: Talks

Audience

Testers, Product Owner, Scrum Master, Manager

Key-Learning

  • Reasons why it's important to think about security throughout the development lifecycle
  • How you can use threat modelling to identify then mitigate security risks
  • How you can incorporate security in your design
  • How you can incorporate security within your testing
  • Other things you can think about - for example least privilege, infrastructure, storage of secrets

Security is one of those oft-forgotten 'non-functional' requirements. It gets left until the end, or just neglected completely. But what if you are in the business of Security? Suddenly everyone else's non-functional becomes your functional, and thinking about it only at the end is not an option.

This is a talk about how we factored Security into our product development in the team I worked in at Avecto, an endpoint security software company, where the products we were developing were Security products. I'll talk about culture and mindset, as well as some of the practical things we did to ensure Security was at the heart of everything, including:

- Secure design

- Threat modelling

- Security testing throughout the development cycle 

- Resources you can use to help you get started with security 
