Recent Posts
Archives

AI Cybersecurity DefCon32 developer Devoxx DevoxxFR DevoxxPL2022 DevoxxPoland DevoxxUS2017 DotAI2024 Google Hibernate Java JavaScript JetBrains JMS Jonathan Lalou Kotlin KotlinConf KotlinConf2018 Kubernetes Maven Maven 2 Microservices Mule ESB NDCConferences ndcoslo NDCOslo2024 Node NodeCongress NodeCongress2021 NodeJS Oracle OxidizeConf2024 PHP Python recommendation RustLang Scala Security softwaredeveloper SoftwareDevelopment Spring Weblogic Weblogic 10

Posts Tagged ‘Manicode’

PostHeaderIcon [DotSecurity2017] Secure Software Development Lifecycle

Author: Jonathan Lalou

In the forge of functional fortification, where code coalesces into capabilities, embedding security sans sacrificing swiftness stands as the alchemist’s art. Jim Manico, founder of Manicode Security and erstwhile OWASP steward, alchemized this axiom at dotSecurity 2017, furnishing frameworks for fortifying the software development lifecycle (SDLC) from inception to iteration. A Hawaiian hui of secure coding savant, Jim’s odyssey—from Siena’s scrolls to Edgescan’s enterprise—equips his edicts with empirical edge, transforming tedious tenets into tactical triumphs that temper expense through early engagement.

Jim’s jaunt journeyed SDLC’s stations: analysis’s augury (requirements’ rigor, threats’ taxonomy), design’s delineation (architectural audits, data flow diagrams), coding’s crucible (checklists’ chisel, libraries’ ledger), testing’s tribunal (static sentinels, dynamic drills), operations’ observatory (monitoring’s mantle, incident’s inquest). Agile’s alacrity or waterfall’s wash notwithstanding, phases persist—analysis’s abstraction a month or minute, testing’s tenacity from triage to telemetry. Jim jabbed at jargon: process’s pallor palls without practicality—checklists conquer compendiums, triage trumps torrent.

Requirements’ realm reigns: OWASP’s taxonomy as talisman—access’s armature, injection’s inveiglement—blueprints birthing bug bounties. Design’s domain: threat modeling’s mosaic (STRIDE’s strata: spoofing’s specter to tampering’s thorn), data’s diagram (flows fortified, endpoints etched). Coding’s canon: Manicode’s missives—input’s inquisition (sanitization’s sieve), output’s oracle (encoding’s aegis)—libraries’ litany (npm’s audit, Snyk’s scrutiny). Testing’s tier: static’s scalpel (SonarQube’s scan, Coverity’s critique—rules’ rationing for relevance), dynamic’s delve (DAST’s dart, IAST’s insight). Operations’ oversight: logging’s ledger (anomalies’ alert), patching’s patrol (vulnerabilities’ vigil).

Jim’s jeremiad: late lamentations lavish lucre—early excision economizes, triage tempers toil. Static’s sacrament: compilers’ cognizance, rules’ refinement—devops’ deployment, developers’ deliverance from deluge.

SDLC’s Stations and Security’s Scaffold

Jim mapped milestones: analysis’s augury, design’s diagram—coding’s checklist, testing’s tier. Operations’ observatory: monitoring’s mantle, incident’s inquest.

Tenets’ Triumph and Tools’ Temperance

OWASP’s oracle, threat’s taxonomy—static’s scalpel, dynamic’s delve. Jim’s jewel: early’s economy, triage’s temperance—checklists conquer, compendiums crumble.

Links:

Posted in en-US | Tags: , , , , , , , , , | No Comments »
(c) 2008 Jonathan Lalou's Blog
All Rights Reserved.

Powered by WordPress and WordPress Theme | Host-euro.