Agile Secure Software Development in a Large Software Development Organisation: Security Testing

By Achim D. Brucker.

Security testing is an important part of any (agile) secure software development lifecycle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers."

Learning from traditional testing that fixing bugs becomes more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy as part of SAP’s security development lifecycle, which supports the specific needs of the various software development models at SAP.

In this presentation, we will briefly present SAP’s approach to an agile secure software development process in general and, in particular, present SAP’s Security Testing Strategy, which enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools.

Please cite this work as follows:
A. D. Brucker, “Agile secure software development in a large software development organisation: Security testing,” presented at the International Workshop on Agile Secure Software Development (ASSD), Toulouse, France, Aug. 26, 2015. Invited Keynote. Author copy: https://logicalhacking.com/publications/talk-brucker-assd-2015/

BibTeX
@Unpublished{ talk:brucker:assd:2015,
  date              = {2015-08-26},
  title             = {Agile Secure Software Development in a Large Software
                       Development Organisation: Security Testing},
  author            = {Achim D. Brucker},
  lecturer          = {Achim D. Brucker},
  day               = {26},
  month             = {aug},
  note              = {Invited Keynote. 
                       Author copy: \url{https://logicalhacking.com/publications/talk-brucker-assd-2015/}},
  venue             = {Toulouse, France},
  year              = {2015},
  eventtitle        = {International Workshop on Agile Secure Software Development
                       (ASSD)},
  abstract          = {Security testing is an important part of any (agile) secure
                       software development lifecycle. Still, security testing is
                       often understood as an activity done by security testers in
                       the time between "end of development" and "offering the
                       product to customers."
                       
                       Learning from traditional testing that the fixing of bugs is
                       the more costly the later it is done in development, we
                       believe that security testing should be integrated into the
                       daily development activities. To achieve this, we developed a
                       security testing strategy, as part of SAP's security
                       development lifecycle which supports the specific needs of the
                       various software development models at SAP.
                       
                       In this presentation, we will briefly present SAP's approach
                       to an agile secure software development process in general
                       and, in particular, present SAP's Security Testing Strategy
                       that enables developers to find security vulnerabilities early
                       by applying a variety of different security testing methods
                       and tools.},
  slideshare        = {key/AGfcIRnk26Ghvx},
  slideshare_width  = {425},
  slideshare_height = {355},
  pdf               = {https://logicalhacking.com/publications/talk-brucker-assd-2015/talk-brucker-assd-2015.pdf},
}