AppSec Europe 2016 has ended
Thursday, June 30 • 16:15 - 17:00
Addressing Security Requirements in Development Projects


As software development projects have become more and more agile over the past years, security teams have to do the same in order to be understood as business enablers rather than as obstacles. In this talk we aim to present a tool which we have implemented on the basis of 1&1's internal secure software development lifecycle, with the goal of increasing the comprehensibility and automation/scalability of particular security-related activities in development projects.

The core functionality of the tool is management and implementation support of two types of security requirements: 
- lifecycle requirements, describing security-related activities performed during the development 
- technical requirements, describing the desired security properties of systems/artifacts being built 

Other notable features are: 
- categorizing and filtering of requirements for systems with different properties 
- integration with JIRA, making it possible to automatically create dev teams' tasks and monitor their progress
- export of the requirement sets for external partners in order to align security of external and internal development 

The plan is also to release this application as an open source project and involve the security community in its further development.


Daniel Kefer

Head of Application Security, 1&1 Mail & Media Development & Technology GmbH
Daniel Kefer has been working in the application security field since 2007. Having started as a penetration tester, he soon became passionate about proactive security efforts and working closely with developers. Since 2011 he has been working for 1&1 where he currently leads an internal...

Rene Reuter

IT Security Consultant, Robert Bosch GmbH
René Reuter is a security engineer with over 6 years of experience in the application security field. At Robert Bosch GmbH, he works as an IT Security Consultant responsible for identifying vulnerabilities and design flaws that may impact Robert Bosch's applications and infrastructure...

Thursday June 30, 2016 16:15 - 17:00 CEST
Room D (Tiziano Ballroom Sec. 3)