Agile Secure Software Development in a Large Software Development Organisation: Security Testing

Achim D. Brucker

Security testing is an important part of any (agile) secure software development lifecycle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers."

Learning from traditional testing that fixing bugs becomes more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy, as part of SAP's security development lifecycle, which supports the specific needs of the various software development models at SAP.

In this presentation, we will briefly present SAP's approach to an agile secure software development process in general and, in particular, present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools.


Please cite this article as follows:
Achim D. Brucker. Agile Secure Software Development in a Large Software Development Organisation: Security Testing. International Workshop on Agile Secure Software Development (ASSD), 26 Aug. 2015. Invited Keynote.

BibTeX
@Talk{ talk:brucker:assd:2015,
abstract = {Security testing is an important part of any (agile) secure software development lifecycle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers."\\\\Learning from traditional testing that fixing bugs becomes more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy, as part of SAP's security development lifecycle, which supports the specific needs of the various software development models at SAP.\\\\In this presentation, we will briefly present SAP's approach to an agile secure software development process in general and, in particular, present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools.},
author = {Achim D. Brucker},
day = {26},
event = {International Workshop on Agile Secure Software Development (ASSD)},
handout = {https://www.brucker.ch/bibliography/download/2015/talk-brucker-assd-2015-2x2.pdf},
isodate = {2015-08-26},
lecturer = {Achim D. Brucker},
location = {Toulouse, France},
month = {aug},
note = {Invited Keynote.},
slides = {https://www.brucker.ch/bibliography/download/2015/talk-brucker-assd-2015.pdf},
slideshare = {key/AGfcIRnk26Ghvx},
slideshare_height = {355},
slideshare_width = {425},
title = {Agile Secure Software Development in a Large Software Development Organisation: Security Testing},
url = {https://www.brucker.ch/bibliography/abstract/talk-brucker-assd-2015},
year = {2015},
}