Information security is not something you can sprinkle over your applications - security needs to be baked in. In this session, you will learn how to take security into account in every step of your software development process, focusing on design and development. You will get to know the basics of threat modeling, which helps you assess security as early as the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing on the riskiest parts of the system. The session covers various methods, such as the STRIDE model, for finding security and privacy threats. Software security is not about reinventing the wheel. There’s a lot of great existing material out there, for example from OWASP, that you can use for selecting suitable security requirements and creating best practices for secure development. You will also learn what kind of security-related testing you can do without having any infosec background. After this session, you will be able to use evil use cases to reinforce your testing and verify that your security requirements make sense.
What Every Developer and Tester Should Know About Software Security
Speakers
Location
Lustikulla Konferens & Event
    Liljeholmsvägen 18
    Stockholm, 117 61