YoVDO

SDL That Won't Break the Bank

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Penetration Testing Courses, Software Security Courses, Threat Modeling Courses, Software Vulnerabilities Courses

Course Description

Overview

Explore effective SDL (Security Development Lifecycle) strategies for smaller organizations in this 52-minute Black Hat conference talk. Learn about cost-effective resources and techniques to create a robust security program, addressing unique challenges such as dependence on third-party software. Discover how to implement secure development practices, including response processes, severity ratings, and third-party code security. Gain insights into essential steps like training, secure design, platform security, attack surface minimization, and code-level vulnerability prevention. Understand the importance of penetration testing, threat modeling, and bug bounty programs in enhancing overall security. Acquire practical knowledge on where to start and how to integrate these practices into your development process, ensuring a comprehensive approach to software security that won't break the bank.

Syllabus

Introduction
Agenda
The Process
Do Everything
Small Companies
Response Process
Severity Ratings
Secure Your Third-Party Code
Do the Easy Stuff
Involve
Training
Secure Design
Platform Security
Minimize Attack Surface
Code Level Vulnerabilities
Penetration Testing
Integration
Threat Modelling
Verification
Bug Bounty
Resources
Security
Penetration
Threat Modeling
Software Vulnerability
Where do you start


Taught by

Black Hat
