Seguridad en el Ciclo de Vida de Desarrollo

Presentation transcript:

1 Security in the Development Life Cycle
OWASP Uruguay Chapter. Mauro Flores, OWASP Global Industry Committee, OWASP Uruguay Chapter Leader, @mauro_fcib. (Speaker note: thanks to the organizers.)

2 Agenda
Introduction to OWASP. Security in the SDLC.
Speaker notes: Open Web Application Security Project (OWASP) is a not-for-profit worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. Similar to many open-source software projects, OWASP produces many types of materials in a collaborative, open way. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

3 OWASP??!!!!! OWASP: Open Web Application Security Project
Open, not-for-profit community. Volunteer organization. Supported through sponsorships. Promotes the development of secure application software.

4 OWASP??!!!!! Provides free resources for the community
Grants for the development of new projects: the tools and contributors already available can be used to start new projects. Research grants: OWASP awards grants to application security researchers to develop tools, guides, publications, etc.

5 Licenses: Approach == "OPEN"
All documents, standards and tools are distributed under open-source licenses: GFDL, GPL, BSD License, Creative Commons.

6 Chapters

7 OWASP projects (examples)
OWASP PCI Project. OWASP Mobile Security Project. OWASP Cloud Security.

8 OWASP Portal: Wiki

9 Security in the SDLC

10 SDLC: methodologies for incorporating security into the SDLC
Comprehensive, Lightweight Application Security Process (CLASP). Software Assurance Maturity Model (SAMM).

11 CLASP organization
5 views.
7 roles associated with the SDLC: Project Manager, Architect, Requirements Specifier, Designer, Implementer (development teams), Tester, Security Auditor.
24 activities to carry out.
104 security problem types grouped into 5 categories.

12 CLASP: the five views and their milestones
Concepts View (I). Milestone: understand how the CLASP process components interact and how to apply views II through V.
Role-Based View (II). Milestone: create the roles required by the security-related project and use them in III, IV and V. (Speaker note: here I define which of the 7 roles will take part in my project.)
Activity-Assessment View (III). Milestone: assess the 24 security-related CLASP activities for suitability in IV, weighing implementation costs, activity applicability and risk of inaction (risk assessment). (Speaker note: here I define which of the 24 activities I will execute.)
Activity-Implementation View (IV). Milestone: perform the subset of the 24 security-related CLASP activities selected in III.
Vulnerability View (V). Milestone: integrate solutions to the problem types into III and IV. It covers: problem types (104 problem types subsumed under 5 high-level categories), consequences of unresolved vulnerabilities, exposure periods (by SDLC phase), avoidance and mitigation techniques, and avoidance and mitigation periods (by SDLC phase).

13 CLASP

14 OpenSAMM: the SAMM resources help to:
Evaluate existing security practices. Build a security program in well-defined iterations. Demonstrate concrete improvements in software assurance. Define and measure security-related activities.

15 OpenSAMM: Business Functions

16 OpenSAMM

17 OpenSAMM

18 OpenSAMM: for each maturity level SAMM defines:
Objective. Activities. Results. Success thresholds. Cost. Personnel. Related levels.
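As an added worked example (not code from the talk or from the OpenSAMM project), the following script shows how the assessment described on slides 14 and 18 can be turned into a scorecard: each practice is scored against its per-level success threshold, the scores are rolled up per business function, and the gap to a roadmap of well-defined iterations is computed. The four business functions and twelve practices are the ones defined by OpenSAMM 1.0; the assessment answers, the 100% threshold, the half-step "N+" scoring rule and the roadmap are constructed here for illustration and simplify the real SAMM worksheets.

```python
"""OpenSAMM-style maturity scorecard.

Added example, not code from the talk or from the OpenSAMM project.
The four business functions and twelve security practices are the
ones defined by OpenSAMM 1.0; the assessment answers, the scoring
rule and the roadmap below are constructed for illustration and
simplify the real SAMM assessment worksheets.
"""

# OpenSAMM 1.0: four business functions, three security practices each.
PRACTICES = {
    "Governance": ["Strategy & Metrics", "Policy & Compliance",
                   "Education & Guidance"],
    "Construction": ["Threat Assessment", "Security Requirements",
                     "Secure Architecture"],
    "Verification": ["Design Review", "Code Review", "Security Testing"],
    "Deployment": ["Vulnerability Management", "Environment Hardening",
                   "Operational Enablement"],
}


def practice_score(answers_by_level):
    """Score one practice from 0.0 to 3.0 in half steps.

    answers_by_level[i] holds the yes/no answers to the questions of
    maturity level i+1. Level N counts as reached only when every
    question of that level (and of all lower levels) is answered yes,
    i.e. the success threshold assumed here is 100%. A partially
    satisfied next level adds 0.5 (the "N+" half step).
    """
    score = 0.0
    for level_answers in answers_by_level:
        if not level_answers:
            break
        yes = sum(1 for a in level_answers if a)
        if yes == len(level_answers):
            score += 1.0          # level fully satisfied, look at the next one
            continue
        if yes > 0:
            score += 0.5          # some activities of this level are in place
        break                     # higher levels cannot be reached past a gap
    return score


def scorecard(assessment):
    """assessment: {practice: answers_by_level} -> {practice: score}."""
    return {p: practice_score(a) for p, a in assessment.items()}


def function_scores(card):
    """Average practice score per business function (2 decimals)."""
    out = {}
    for function, practices in PRACTICES.items():
        scores = [card[p] for p in practices if p in card]
        out[function] = round(sum(scores) / len(scores), 2) if scores else None
    return out


def roadmap_gaps(card, roadmap):
    """For each roadmap iteration, list the practices still below their
    target score and by how much, measured against the current card."""
    gaps = []
    for targets in roadmap:
        gaps.append({p: round(target - card.get(p, 0.0), 1)
                     for p, target in targets.items()
                     if card.get(p, 0.0) < target})
    return gaps


# Constructed assessment (not real data): each inner list is one maturity
# level, each boolean the answer to one question of that level.
SAMPLE_ASSESSMENT = {
    "Strategy & Metrics":       [[True, True], [False, False], [False]],
    "Policy & Compliance":      [[True, True], [True, True], [False, True]],
    "Education & Guidance":     [[True, False], [False, False], [False]],
    "Threat Assessment":        [[False, False], [False], [False]],
    "Security Requirements":    [[True, True], [True, False], [False]],
    "Secure Architecture":      [[True, True], [False, False], [False]],
    "Design Review":            [[True, False], [False], [False]],
    "Code Review":              [[True, True], [True, True], [True, True]],
    "Security Testing":         [[True, True], [True, False], [False]],
    "Vulnerability Management": [[True, True], [False, False], [False]],
    "Environment Hardening":    [[True, True], [True, True], [False, False]],
    "Operational Enablement":   [[False, True], [False], [False]],
}

# Constructed two-iteration roadmap: target score per practice.
SAMPLE_ROADMAP = [
    {"Threat Assessment": 1.0, "Education & Guidance": 1.0, "Design Review": 1.0},
    {"Threat Assessment": 2.0, "Security Requirements": 2.0, "Security Testing": 2.0},
]

if __name__ == "__main__":
    card = scorecard(SAMPLE_ASSESSMENT)
    averages = function_scores(card)
    for function, practices in PRACTICES.items():
        print(f"{function} (avg {averages[function]})")
        for p in practices:
            print(f"  {p:<26} {card[p]:.1f}")
    for i, gap in enumerate(roadmap_gaps(card, SAMPLE_ROADMAP), start=1):
        print(f"Iteration {i} gaps: {gap}")
```

Running the script prints one block per business function with the twelve practice scores and then the per-iteration gaps; re-running it after each iteration with updated answers gives the "concrete improvement" evidence the slide asks for. Practices that appear in a later iteration but not in the current card are scored 0.0, so a practice never assessed shows up as a full gap rather than silently disappearing.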

19 OWASP == 'Secure SDLC'
SDLC phases: Plan, Build, Test, Deploy.
Secure development practices: policy, awareness, training, controls; establish security requirements; risk analysis; code review; validate security requirements; security testing; WAF/XML firewalls.
OWASP resources: ASVS, Top 10, ZAP, OWASP Swingset, Testing Guide, Code Review, Mantra, ESAPI, WAF, Code Crawler.

20 Mauro Flores, mauro.flores@owasp.org, OWASP Uruguay Chapter Leader, OWASP Global Industry Committee
Feel free to ask questions. Thank you!

