Approved for 1 GIAC CPE
Over the past 17 years, the way we develop software has changed completely. Development processes evolved from Waterfall, to Incremental, to Spiral, to Agile. Each step forward was taken to build better software by improving the software building process. Each step included changes in tools, languages, and systems to encourage gradually more agile processes, while discouraging slower and more cumbersome processes. The fast change of development evolution gradually denounced everything that hindered agility including security. Agile had an uneasy relationship with security because its facets which promoted better software development (in general) broke existing techniques for building security into code. There are several areas of conflict which, on the surface, make it difficult to embed security into Agile.
In this one-hour presentation the following topics will be discussed:
- Phases in the SDLC (systems development life cycle)
- Brief history and overview of process models (such as, Waterfall, Incremental, Spiral, and Agile development approaches (specifically, Scrum).
- Techniques and tools which can be used to incorporate security into Agile development.