Meetup DevOps Tahiti - OWASP pour 0 euros

Présentation OWASP

OWASP

Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.

Projets dans des “stages”: Incubator, Labs, FlasgShip, Inactive, Low activity.

3 communautés: Defenders, Builders, Breakers.

Talk chapître OWASP France du 10/10/2019 Yvan P.

Processus d’intégration continue et sécurité

Processus SDLC
Processus SDLC

Microsoft propose le processus d’intégration continue SDLC qui a également donné lieu à la norme 27034.

Présentation

Par phases

  • Training,
  • Requirements,
  • Design,
  • Implementation,
    • Focus controls 2018,
  • Release,
  • Response

Phase: Training

Phase: Requirements

Phase: Design

  • Top ten: Web, API, Cloud, Mobile…
  • Threat Dragon: Threat Modeling

Phase: Implementation

Focus controls 2018

  1. Define Security Requirements
  2. Leverage Security Frameworks and Libraries
  3. Secure Database Access
  4. Encode and Escape Data
  5. Validate All Inputs
  6. Implement Digital Identity
  7. Enforce Access Controls
  8. Protect Data Everywhere
  9. Implement Security Logging and Monitoring
  10. Handle All Errors and Exceptions

Phase: Verification

Phase: Release

  • Packman A documentation and tracking project with the goal of making package management systems more secure.

Phase: Response

Bonus