Information security is not something you can sprinkle over your applications - security needs to be baked in. In this session, you will learn how to take security into account in every step of your software development process, focusing on design and development.
You will get to know basics of threat modeling which helps you to assess security already in the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing to the most risky parts of the system. The session covers various methods, such as the STRIDE model, for finding security and privacy threats.
Software security is not about reinventing the wheel. There’s a lot of great existing material out there, for example from OWASP, that you can use for selecting suitable security requirements and creating best practices for secure development.
You will also learn what kind of security related testing you can do without having any infosec background. After this session, you will be able to use evil use cases to reinforce your testing and verifying that your security requirements make sense.
Anne Oikarinen is a Senior Security Consultant who works with security and software development teams to help them design and develop secure software. Anne believes that cyber security is an essential part of software quality.
After working several years in a security software development team in various duties such as testing, test management, training, network design and product owner tasks, Anne focused her career fully on cyber security. In her current job at Nixu Corporation, Anne divides her time between hacking and threat analysis - although as network geek, she will also ensure that your network architecture is secure. Anne also has experience on incident response and security awareness after working in the National Cyber Security Centre of Finland.
Anne holds a Master of Science (Technology) degree in Communication Networks and Protocols from Tampere University of Technology, Finland, and maintains the CISSP and GMOB certifications.
