My software development lead and I are doing a webinar next week on how you do secure development within the Agile software development methodology (press release). To make the discussion more interesting, we aren’t talking in theoretical terms; we’ll be talking about what my company, Veracode, actually does during its secure development lifecycle.
No surprise: there’s a lot more to secure development in any methodology than simply “not writing bad code.” Some of the topics we’ll be including are:
- Secure architecture — and how to secure your architecture if it isn’t already
- Writing secure requirements, and security requirements, and how the two are different.
- Threat modeling for fun and profit
- Verification through QA automation
- Static binary testing, or how, when, and why Veracode eats its own dogfood
- Checking up–internal and independent pen testing
- Education–the role of certification and verification
- Oops–the threat landscape just changed. Now what?
- The not-so-agile process of integrating third party code.
It’ll be a brisk but fun stroll through how the world’s first SaaS-based application security firm does business. If you’re a developer or just work with one, it’ll be worth a listen.