Dr. Domenico Rotondi, TXT e-solutions SpA, Italy
SHIELDS: metrics, tools and Internet services to improve security in application developments
Summary: Software Development & Security; Why SHIELDS; SHIELDS Approach; SHIELDS Expected Impacts & Outcomes; SHIELDS Consortium
SHIELDS Approach: SHIELDS and software development phases
OWASP Day III – 23rd , February 2009 OWASP-Italy
[Figure: Security activities related to development phases. Phases shown: Requirement, Design, Implementation, Test. Activities shown: Security goal and vulnerability class identification; Selecting mitigation strategies; Goal driven inspection; Vulnerability driven inspection; Security education on vulnerability causes; Vulnerability Cause Presence Testing.]
SHIELDS Tools to support the Development phases
- Scenario based inspection: Goat (modelling)
- Misuse Case: SeaMonster (modelling) (see http://seamonster.wiki.sourceforge.net/)
- Graphical User Interface to access and search the SVRS (SHIELDS repository)
Under construction! Please see http://www.shields-project.eu/ for updates
SHIELDS Approach
SHIELDS advantages:
- Reduced/no duplication of effort: every update can potentially affect all tools; SHIELDS reported vulnerabilities can impact all phases
- Higher assurance: tools can quickly acquire knowledge to face new vulnerabilities
- Improved software quality: developers get more and better security information; developers improve their security expertise
…
SHIELDS Expected Impacts: Increasing security to enhance trust
[Figure: SHIELDS provides better security information and better security tools for developers, supporting them and helping them create more secure software, which is more robust, leading to lower risk, justifying more trust. This supports trusted computing infrastructures ensuring interoperability and end-to-end security of data and services, and increased security and dependability in the engineering of software systems to ensure the design and development of trustworthy applications and services.]
SHIELDS Expected Outcomes
SHIELDS Repository Service: a network accessible service providing:
- guidelines
- models (vulnerabilities, countermeasures, Misuse and