Security measures across the software development process Dr. Holger Peine Slide 1 Security vulnerabilities are clearly.

Slides:



Advertisements
Similar presentations
Copyright © 2008, McAfee, Inc. Presented By Mike Andrews Introduction WebSec 101 Intro Music by DoKashiteru.
Advertisements

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Security and Open Source: the 2-Edged Sword Crispin Cowan, Ph.D WireX Communications, Inc wirex.com.
Choosing SATE Test Cases Based on CVEs Sue Wang October 1, 2010 The SAMATE Project 1SATE 2010 Workshop.
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Bruce Schneier Lanette Dowell November 25, Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Information Networking Security and Assurance Lab National Chung Cheng University Introduction to Software Security Jared 2004/03/17.
BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.
Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.
Varun Sharma Security Engineer | ACE Team | Microsoft Information Security
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
1 An Empirical Analysis of Vendor Response to Vulnerability Disclosure Ashish Arora, Ramayya Krishnan, Rahul Telang, Yubao Yang Carnegie Mellon University.
Web Application Testing with AppScan Terry Labach.
Vulnerabilities. flaws in systems that allow them to be exploited provide means for attackers to compromise hosts, servers and networks.
Vulnerabilities. flaws in systems that allow them to be exploited provide means for attackers to compromise hosts, servers and networks.
Secure Software Development Mini Zeng University of Alabama in Huntsville 1.
Who Should be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments Terrence August Rady School of Management,
G53SEC Computer Security Introduction to G53SEC 1.
© 2007 Carnegie Mellon University Secure Coding Initiative Jason A. Rafail Monday, May 14 th, 2007.
A Framework for Automated Web Application Security Evaluation
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
A Large Scale Exploratory Analysis of Software Vulnerability Life Cycles Muhammad Shahzad Dept. of Computer Science and Engineering Michigan State University.
Adam L. Jacobs, CISSP Principal Program Manager, Oracle 15/16 November 2005 Why is Commercial Software So Vulnerable (and How Can We Fix It)?
Watchfire AppScan Web Application Security Software Omen Wild September 2007.
OSI and TCP/IP Models And Some Vulnerabilities AfNOG th May 2011 – 10 th June 2011 Tanzania By Marcus K. G. Adomey.
1 1 Vulnerability Assessment of Grid Software Jim Kupsch Associate Researcher, Dept. of Computer Sciences University of Wisconsin-Madison Condor Week 2006.
1 The Top 10/20 Internet Security Vulnerabilities – A Primer This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis.
Database Vulnerability And Encryption Presented By: Priti Talukder.
CSCE 548 Secure Software Development Final Exam – Review.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
CSCD 303 Essential Computer Security Spring 2013 Lecture 8 - Desktop Security OS Security Compared Reading: See References.
OWASP Top Ten #1 Unvalidated Input. Agenda What is the OWASP Top 10? Where can I find it? What is Unvalidated Input? What environments are effected? How.
1 Vulnerability Assessment of Grid Software James A. Kupsch Computer Sciences Department University of Wisconsin Condor Week 2007 May 2, 2007.
An Ad Hoc Writable Rule Language for White-Box Security Scanners Author:Sebastian Schinzel Referent:Prof. Dr. Alexander del Pino Korreferent:Prof. Dr.
Vulnerability Scan Assessment CS/IT 463 Bryan Dean Jonathan Ammons.
MetriCon 1.0 An Attack Surface Metric Pratyusa K. Manadhata Jeannette M. Wing Carnegie Mellon University {pratyus,
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
1.  An event study is designed to examine market reactions to, and abnormal returns around specific information-imparting events.  These events can.
CSCE 548 Secure Software Development Taxonomy of Coding Errors.
Input Validation – common associated risks  ______________ user input controls SQL statements ultimately executed by a database server
1.  An event study is designed to examine market reactions to, and abnormal returns around specific information-imparting events.  These events can.
Web system security issues: A developer's perspective Morrison, P. Jason 9 December 2004 BAD Information Security Web system security issues:
“ Vulnerabilities in SNMP Implementations ” CSCI Web Security Instructor: Dr. Andrew Yang Presented By: Harini Varatharajan.
Securing Java Applications
Chapter 1 The Software Security Problem. Goals of this course Become aware of common pitfalls. Static Analysis and tools.
The Java Open Review Project Brian Chess Founder/Chief Scientist Fortify Software June 14, 2007.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Soroush Dalili 9 Dec Computer Security MSc. of Birmingham University.
Defending Applications Against Command Insertion Attacks Penn State Web Conference 2003 Arthur C. Jones June 18, 2003.
HELP WANTED? Job prospects for CS Compensation (show me the money) Career networking.
Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.
Building Secure Web Applications with IDS Michael Chaney Technical Director ChainLink Networking Solutions, Inc.
Your Cyber Security: The scope of your risk is broad and growing To understand the nature of the risk landscape look at the presentations here today-begin.
Vulnerability / Cybersecurity Research Discussion Dwayne Melancon, CISA Chief Technology Officer and VP of Research & Development.
SECURE DEVELOPMENT. SEI CERT TOP 10 SECURE CODING PRACTICES Validate input Use strict compiler settings and resolve warnings Architect and design for.
CSCE 548 Secure Software Development Penetration Testing.
Security Autodesk DevDays rEvolution
State Board of Elections Computers
CSCE 548 Secure Software Development Final Exam – Review 2016
Secure Coding Initiative
OWASP WebGoat v5 16 April 2010.
Mid Term II Review.
Security at the Source.
An Attack Surface Metric
Exploring Complexity Metrics as Indicators of Software Vulnerability
A snapshot into current Web Application vulnerabilities
Presentation transcript:

Security measures across the software development process Dr. Holger Peine Slide 1 Security vulnerabilities are clearly rising NVD = National Vulnerability Database CERT = US-CERT database OSVDB = Open Source Vulnerability Database

Security measures across the software development process Dr. Holger Peine Slide 2 Published vulnerabilities cost a vendor real money A study based on reald vulnerability announcements in revealed an average drop of the concerned vendor's stock price of 0.6% after each vulnerability announcement Tehang / Wattal, Carnegie Mellon Univerisity, 2004 "Impact of Software Vulnerability Announcements on the Market Value of Software Vendors – an Empirical Investigation"... not to mention the damage to the vendor's reputation

Security measures across the software development process Dr. Holger Peine Slide 3 Most vulnerabilities caused by careless programming  64% of the vulnerabilities in ICAT (now: NVD) in 2004 are due to programming errors 51% of those due to classic errors like buffer overflows, cross-site-scripting, injection flaws Heffley/Meunier (2004): Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security?  Cross-site scripting, SQL injection at top of the statistics (CVE, Bugtraq) in 2006  "We wouldn't need so much network security if we didn't have such bad software security" (Bruce Schneier)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.