Building Security Into Your Apps One Story At A Time - Bhushan Gupta
In agile software development, a story is the smallest element of your application, and setting an appropriate security threshold at that level dictates the security of your application.
This paper discusses the implementation and validation of security controls in the lifecycle of a story in the agile software development environment. The three 'Ws' (what, when, and who) are emphasized with reference to WHAT security controls to implement, WHEN to verify and validate the implementation, and WHO should assure that the security control provides the intended safeguard. The role and time of engagement of the product owner, security engineer, quality engineer, and test engineers are explained as a story progresses from one stage of the lifecycle to the next.
With the help of examples, the paper demonstrates the necessary security controls at product definition. Once the security controls for a story are defined, the implementation needs verification by the security engineers and the product owner. The test team is then responsible for validating that the security controls work as intended in the context of the application and without degrading the customer experience. The paper also highlights the post-deployment security-related activities and measures that should be taken for uninterrupted operation.
Identifying proper security controls for your Web Application
Implementation of security controls
Static and dynamic testing of security controls
Integrating these concepts into agile development
A proven champion for quality, well versed in software quality engineering, and a WebApp security researcher, Bhushan is the principal consultant at Gupta Consulting, LLC. In WebApp security his research areas are infusing security into the SDLC, the OWASP Top 10, risk analysis and mitigation, attack surface measurement, and static and dynamic application security analysis. As a leader of the Open Web Application Security Project (OWASP) Portland Chapter, he is dedicated to driving web application security to higher levels via technical education and training. Bhushan often provides training workshops and presentations to corporations and non-profit organizations. He is also an invited speaker and panelist in discussions on both application security and agile software development. Bhushan serves as a Program Team member for the Pacific Northwest Software Conference and has been a member of the Program Team for the Global AppSec Conference 2020 organized by OWASP.
Bhushan has been a Certified Six Sigma Black Belt (American Society for Quality and Hewlett Packard) and possesses deep and broad experience in solving complex problems, change management, and coaching and mentoring. Bhushan has an MS in Computer Science (1985) from New Mexico Tech and has worked at Hewlett-Packard and Nike in various roles. He was also a faculty member in the Software Engineering department of the Oregon Institute of Technology from 1985 to 1995 and is currently an Adjunct Faculty member.
Video "Building Security Into Your Apps One Story At A Time - Bhushan Gupta" from the PNSQC channel