"Balancing Security and Agility in Software Project Development" – OneAPM, 刘再耀, 061118

2020-03-01, 95 views

  • 1. CTO
  • 4. Web Top 10
  • 5. NoSQL Storage, Big Data Map/Reduce Computing & Microservice REST Messaging, Microservice (IoT)
  • 6. SDL (fuzzing tools, static-analysis tools, etc.), reviews, RTM
  • 7. Automotive SDL V Model
  • 9. Sprint 1, Sprint 2, … Sprint N; Story A, Story B, Story C, Story D, Story E, Story F, Story G, Story H
  • 11. Scrum
  • 12. („Abuse“), Secure Coding, Security Code Reviews, Security Testing
  • 17. Scrum
  • 18. Scrum
  • 21. IDE: http://www.contrastsecurity.com/eclipse
  • 25. Scrum
  • 27. RASP
  • 28. The Rugged Manifesto
    • I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.
    • I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security.
    • I am rugged because I refuse to be a source of vulnerability or weakness.
    • I am rugged, not because it is easy, but because it is necessary… and I am up for the challenge.
    • https://www.ruggedsoftware.org
  • 29. Q&A