We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Shifting from Syntax to Secure Software Development Processes • Laura Bell Main • YOW! 2023
"Learn to prioritize security in software development, from instant response planning to ongoing code reviews, as Laura Bell Main shares her expertise on shifting from syntax to secure practices at YOW! 2023."
- Shift focus from syntax to secure software development processes: Instead of only focusing on writing clean code, developers should prioritize security and consider the potential impact of their code on the entire ecosystem.
- Instant response planning: Develop a response plan for when security incidents occur, considering the four stages: identify, contain, erase, and recover.
- Threat modeling: Imagine a scenario where an attacker is trying to breach your system and identify potential vulnerabilities.
- Code quality matters: Writing high-quality code that is easy to maintain and understand is essential for security.
- Automated testing: Use automated testing to identify vulnerabilities and improve code quality.
- Vulnerability scanning: Run vulnerability scans regularly to identify potential vulnerabilities and prioritize remediation.
- Playbooks: Develop playbooks for common security scenarios, including incident response and remediation.
- Security is a team effort: Security is not just the responsibility of a single team or individual, but rather a shared responsibility across the entire organization.
- Code inheritance: Be aware of the potential risks associated with inheriting code from other developers or teams.
- Lack of security expertise: Not everyone has the necessary security expertise to identify and remediate vulnerabilities, and it’s essential to prioritize security.
- Security is a continuous process: Security is not a one-time task, but rather an ongoing process that requires continuous effort and improvement.
- Code reviews: Conduct regular code reviews to identify vulnerabilities and improve code quality.
- Threat modeling is not just for security experts: Threat modeling is a useful tool for developers and non-security experts alike, and can help identify potential vulnerabilities.
- Security is not just about code: Security is not just about writing secure code, but also about designing and implementing secure systems and architectures.
- Security should be a consideration from the beginning: Security should be considered from the outset of a project, rather than being tacked on at the end.