Handling of Security Requirements in Software Development Lifecycle
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a comprehensive approach to handling security requirements throughout the software development lifecycle in this AppSecUSA 2017 conference talk. Gain insights into managing security risks across diverse technologies and methodologies in large companies. Learn about SecurityRAT, a tool developed to support and accelerate the process of addressing security requirements. Discover how to generate relevant security requirements based on software properties, automate their handling, and integrate with issue trackers. Delve into ongoing developments, including system integration, automated testing, and reporting. Benefit from the expertise of Daniel Kefer, Head of Application Security at 1&1 Mail & Media Development & Technology GmbH, and Rene Reuter, IT Security Consultant at Robert Bosch GmbH, as they share their experiences in proactive security efforts and working closely with developers.
Syllabus
Intro
The fast pace
Security documentation
Security in HR development
Outsourcing development
Solution
Requirement Automation Tool
SecurityRAT Overview
Adding Parameters
Looking in the Database
Persistence
Artifact
Ticket Status
Create Slides
Browse Requirements
Export Requirements
Update Requirements
Accept or Decline
SecurityCAT
Code Block
Machine readable requirements
What we are currently doing
Alternative Instance
SecurityCAT
Import Requirement Sets
Taught by
OWASP Foundation