XP Cincinnati: Software Security

 

This software security talk was given at the August 1st, 2006 meeting of XP Cincinnati, the Cincinnati Agile and Extreme Programming group. The talk introduces the software security problem and common software security practices, then goes on to discuss possibilities for incorporating software security practices into an extreme programming development process. Demonstrations and examples focus on web application security.

Talk Schedule

  1. What is Software Security
  2. SQL Injection Demo
  3. Software Security Practices
  4. Static Analysis Demo
  5. Penetration Testing with WebGoat and Web Scarab
  6. Adding Security to XP

Web Sites

  1. Build Security In
  2. OWASP The Open Web Application Security Project
  3. OWASP Guide to Building Secure Web Applications
  4. OWASP Top 10 Vulnerabilities
  5. Secure Programming for Linux and Unix HOWTO

References

  1. Gary McGraw, XP and Software Security?! You gotta be kidding, XP Universe, 2003.
  2. Gary McGraw, Software Security: Building Security In, Addison Wesley, 2006.
  3. Michael Howard & Steve Lipner, The Security Development Lifecycle, Microsoft Press, 2006.
  4. John Viega & Gary McGraw, Building Secure Software: How To Avoid Security Problems the Right Way, Addison-Wesley, 2001

Software Security Tools

  1. WebGoat teaching application
  2. WebScarab testing tool
  3. Static Analysis Tools
 

© James Walden, Ph.D.