Secure Application Development

Integrating security tools into the SDLC

Learning objectives

  • Understand the range of tools available to the software security practitioner
  • Demonstrate an ability to select the appropriate tools for a particular task
  • Effectively integrate the tools into a software build process

Overview

Automated security tools are often used in software development, from static source code analysis tools to penetration testing tools. Unfortunately, for a variety of reasons, many development organizations fail to get the maximum benefit from these tools. Worse, the way that many organizations use security tools may actually hamper effective development work. Penetration testing tools, for example, are commonly used for late life cycle “black box” testing. This forces, at best, knee-jerk reactions to remediate any defects that are found, quite often at the expense of the application’s original design concepts. It also likely fails to find a great many security defects. To make matters worse, forced integration of tool technologies into existing workflows can be disruptive and counterproductive.

This session delves into the automated tools associated with secure software development and how they can be successfully integrated into a development workflow.

NOTE Many of the tools described in this session will be available for hands-on examination in Friday's "Hands-on security tools" session.

PDF slides