2111 NE 25th Ave
Hillsboro, Oregon 97124

A product that is vulnerable to attack may be perceived as a low-quality product, and its maintenance can be very costly. Information on how to break security protections on many computer and communication technologies is freely available on the Internet, and new tools and clever techniques appear every day. These resources can be used to locate vulnerable systems, try to extract sensitive information from them, or simply use them for purposes for which they were not originally created. Constructing and evaluating secure products is an important and ongoing challenge that requires product security and its evaluation to be designed into the development lifecycle itself.

This presentation will describe product security evaluation in the context of the Security Development Lifecycle (SDL), a technology-independent four-stage procedure that helps find and mitigate security breaches before product release. The talk will give the audience an understanding of how the different SDL activities, such as threat modeling, secure coding and penetration testing, fit into the SDL framework to enhance product security.

Topics covered:
SDL Checkpoints, HazOp Analysis, Code Reviews, Testing scenarios, Static analysis tools, Testing tools, SeCoE, Hardware security testing, Security Requirements, CAPEC

Speakers:
Burzin Daruwala, Lead Security Evaluator, DEG Security Center of Excellence
Salvador Mandujano, Technical Lead, Security Center of Excellence

Official Website: https://db.sao.org/calendar2/event_description.htm?eventID=9/3/08

Added by sao on July 25, 2008
