1. SECURITY IN SOFTWARE DEVELOPMENT Dan Patten CSCI 2100-850 OAT Talk Part 4

2. INTRODUCTION  What is Security in Software Development?  Background and change over time  Real Issues  Some solutions exist

3. ISSUES  Common Issues  Most Common Exploits  XSS and SQL Injection  Quality Assurance and Testing  Phishing for information

4. ISSUES  Timing  Proper application development and planning  Post production maintenance  Turnaround time in repairing security exploits  Effect on companies and customers

5. ISSUES  Other Issues  Open Source software  Cloud Computing  Lack of Education

6. SOLUTIONS  Solutions to Common Problems  Common solutions include proper coding practices  Secure databases  Configuration of permissions  Quality Assurance

7. SOLUTIONS  Solutions to Timing  Proper planning and development  Post production management  First response to customers and business  Disaster recovery plan

8. SOLUTIONS  Solutions to Other Issues  Up-to-date Open Source software  Proper education and possibly new classes  Stay up to date on future technology to stay ahead

9. CONCLUSION  Summary  Companies need to stay ahead  High industry standards  New exploits and problems will only increase

10. REFERENCES Ashford, Warwick. "Web app security fixes down to 11 days in 2013.". Computer Weekly, 3 Feb 2014. Web. 9 Mar 2014.. Be'ery, Tal. "Hackers Target Web Apps as a Bridgehead to the Datacenter.". Security Week, 15 Oct 2013. Web. 9 Mar 2014.. George, Randy. "The Five Most Common Security Pitfalls In Software Development.". Dark Reading, 11 Jul 2013. Web. 9 Mar 2014.. Higgins, Kelly. "Many Commercial Software Projects Contain Older, Vulnerable Open-Source Code.". Dark Reading, 3 Dec 2013. Web. 9 Mar 2014.. Kirk, Jeremy. "Security company says Nasdaq waited two weeks to fix XSS flaw.". Info World, 16 Sep 2013. Web. 9 Mar 2014..

11. REFERENCES Kitten, Tracy. "Cold Facts About Web App Security.". Gov Info Security, 11 Jun 2013. Web. 9 Mar 2014.. Messmer, Ellen. "Half of companies surveyed report Web application security problems.". Network World, 18 Sep 2012. Web. 9 Mar 2014.. Van Wyk, Kenneth. "There's no magic pill for security.". Computer World, 14 Jan 2013. Web. 9 Mar 2014.. Wilson, Tim. "Study: 96 Percent Of Applications Have Security Vulnerabilities.". Dark Reading, 20 Feb 2014. Web. 9 Mar 2014.. Wilson, Tim. "Study: Most Application Developers Don't Know Security, But Can Learn.". Dark Reading, 21 Nov 2013. Web. 9 Mar 2014..