Friday, November 8, 2013

Agile Appsec: Why we Suck at Building Secure Software, and what we can do about it

Last night I presented to the Calgary Agile Methods Users Group on "Agile Appsec: Why we Suck at Building Secure Software, and what we can do about it". This is an outline of the problems that we have as an industry building secure software - why we fail at it, why Agile development is blamed for insecure software - and what we can do to build more secure software while still being Agile. I look at different approaches to injecting application security into Agile development: security stories, evil user stories, abuse cases and abuse stories; security sprints; and building security into development, using Microsoft's SDL Agile as a guide.

5 comments:

Jessica Dodson said...

Be it 39% or 79%, a frighteningly large percentage of developers have little to no security steps in place when they are developing code. No wonder it sucks! Going back and trying to find the loopholes after they have been buried under more and more layers of new code is a tall order.

Anonymous said...

Going through the pain of Agile and application security. Great content in your presentation. Thanks for posting.

siva said...

This blog is the general information for the feature. You got a good work for these blog. We have a developing our creative content of this mind.
Thank you for this blog. This is very interesting and useful.

Peptide Synthesis said...

Thanks for providing such a great Information, you can see, we also provide
Peptide Synthesis

Digital Marketing Company in Delhi said...

I am always eager to catch hold of the new posts being published on your website; because of this I stay updated. Thanks for sharing this wonderful article.
