Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile...
Transcript of Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile...
![Page 1: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/1.jpg)
Agile and Secure Can We Be Both?Agile and Secure – Can We Be Both?
June 13th, 2007
![Page 2: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/2.jpg)
The Agile Practitioner’s Dilemma The Agile Practitioner s Dilemma Agile Forces:
More responsive to Secure Forces:
More aggressive pbusiness concerns
ggregulatory environment
Increasing the frequency of stable releases
Increasing focus on need for security
Decreasing the
y
Traditional time it takes to deploy new features
approaches are top-down, document centric
1
features document centric
![Page 3: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/3.jpg)
Objectives
• Background• Goals of Agile Methodsg• Goals of Secure Development Lifecycle (SDL)• Review the Momentum of Agile Methods
L k t A I t t d P• Look at An Integrated Process• Challenges & Compromises
2
![Page 4: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/4.jpg)
Background
• Programmer by background (MCSD, Java 2 Certified Programmer)
• Denim Group– Software development– Software security: vulnerability assessments, training mentoring
• Challenges facing our own agile teams– Deliver projects in an economically-responsible manner– Uphold security goals
3
![Page 5: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/5.jpg)
Notable Agile Methods
• eXtreme Programming (XP)• Feature Driven Development (FDD)• SCRUM• MSF for Agile Software Development• Agile Unified Process (AUP)Agile Unified Process (AUP)• Crystal
4
![Page 6: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/6.jpg)
Manifesto for Agile Software Developmentp
Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan
5
Source: http://www.agilemanifesto.org/
![Page 7: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/7.jpg)
Agile’s Core ValuesAgile’s Core Values
C i ti• Communication
• Simplicity
• Feedback
• Courage
6
![Page 8: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/8.jpg)
Principles of Agile DevelopmentPrinciples of Agile Development• Rapid Feedback
• The system is appropriate f th i t d d di• Simple Design
• Incremental Change
for the intended audience.
• The code passes all the • Incremental Change
• Embracing Change
ptests.
• The code communicates
• Quality Work
• The code communicates everything it needs to.
Th d h th ll t• The code has the smallest number of classes and methods.
7
![Page 9: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/9.jpg)
Agile PracticesAgile Practices• The Planning Game
• Customer: scope, priorities and release dates
• Developer: estimates
• The Driving Metaphor
• Developer: estimates, consequences and detailed scheduling
• Shared Vision
• On-Site Customer
• Small Releases • Development iterations or cycles that last 1-4 weeks.
• Release iterations as soon as possible (weekly, monthly, quarterly).
8
![Page 10: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/10.jpg)
More Agile PracticesMore Agile Practices• Collective Ownership
• Test Driven
• Continuous Integration
• Coding Standardsg
• Pair Programming
9
![Page 11: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/11.jpg)
Definition of Secure
A secure product is one that protects the confidentiality, p p y,integrity, and availability of the customers’ information, and the integrity and availability of processing resources under control of the s stem’s o ner or administratorthe system’s owner or administrator.
Source: Writing Secure Code (Microsoft com)-- Source: Writing Secure Code (Microsoft.com)
10
![Page 12: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/12.jpg)
A Secure Development Process…
• Strives To Be A Repeatable Process
• Requires Team Member Education
• Tracks Metrics and Maintains Accountability
Sources:“Writing Secure Code” 2nd Ed., Howard & LeBlanc
“The Trustworthy Computing Security Development Lifecycle”by Lipner & Howard
11
y p
![Page 13: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/13.jpg)
Secure Development Principles
• SD3: Secure by Design, Secure by Default, and in Deployment• Learn From Mistakes• Minimize Your Attack Surface• Assume External Systems Are Insecure• Plan On FailurePlan On Failure • Never Depend on Security Through Obscurity Alone• Fix Security Issues Correctly
12
![Page 14: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/14.jpg)
Secure Development Practices
• Education, Education, Education
• Threat Modeling
• Secure Coding Techniques
• Security Testing
• Security Code Reviews
13
![Page 15: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/15.jpg)
Microsoft’s Secure Development Lifecycle (SDL)Microsoft s Secure Development Lifecycle (SDL)
• Requirements • DesignDesign• Implementation• Verification• Release• (Waterfall!)
14
![Page 16: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/16.jpg)
Observations of the SDL in Practice• Threat Modeling is the Highest-Priority Component• Penetration Testing Alone is Not the Answer• Tools Should be Complementary
15
![Page 17: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/17.jpg)
Threat ModelingThreat Modeling• STRIDE – classify threats
– Spoofing Identity– Spoofing Identity– Tampering with Data– Repudiation
Information Disclosure– Information Disclosure– Denial of Service– Elevation of Privilege
• DREAD – rank vulnerabilities– Damage Potential– Reproducibility– Exploitability– Affected Users
16
– Discoverability
![Page 18: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/18.jpg)
Dr Dobb’s says Agile Methods Are Catching OnDr. Dobb’s says Agile Methods Are Catching On41% of organizations have adopted an agile
methodologymethodology
Of the 2,611 respondents doing agile…p g g
• 37% using eXtreme Programming• 19% using Feature Driven Development (FDD)• 16% using SCRUM
7% i MSF f A il S ft D l t• 7% using MSF for Agile Software Development
17
Source: http://www.ddj.com/dept/architect/191800169
![Page 19: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/19.jpg)
Agile Teams are “Quality Infected”• 60% reported increased productivity
• 66% reported improved quality
• 58% improved stakeholder satisfaction58% improved stakeholder satisfaction
18
![Page 20: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/20.jpg)
Adoption Rate for Agile Practices
Of the respondents using an agile method…
• 36% have active customer participation
• 61% have adopted common coding guidelines61% have adopted common coding guidelines
• 53% perform code regression testing
• 37% utilize pair programming
19
![Page 21: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/21.jpg)
Let’s Look at Some Specific Agile Methods• eXtreme Programming (XP)
• Feature Driven Development (FDD)
• SCRUMSCRUM
• MSF for Agile Software Development
20
![Page 22: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/22.jpg)
eXtreme Programming (XP)
21
![Page 23: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/23.jpg)
Feature Driven Development (FDD)Feature Driven Development (FDD)
Develop an BuildDevelop an Overall Model
BuildFeatures
ListPlanning
Startup Phase
Designb
Buildbby
Featureby
Feature
Construction Phase
22
Source: http://featuredrivendevelopment.com/
![Page 24: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/24.jpg)
SCRUMSCRUM• Commonly Used to Enhance Existing Systems • Feature Backlog g• 30 Day Sprints• Daily Team Meeting
23
Source: http://www.controlchaos.com/
![Page 25: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/25.jpg)
MSF for Agile Software Development
• Adapted from the Spiral / Waterfall Hybrid
• Product definition, development and testing occurs in overlapping iterations
• Different iterations have a different focus
24
![Page 26: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/26.jpg)
An Integrated Process
Making Agile Trustworthy
25
![Page 27: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/27.jpg)
Project Roles
• Product Manager / Customer• Program Manager / Coach• Architect• Developer• TesterTester• Security Adviser
26
![Page 28: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/28.jpg)
Project Setup
• Education & Training (include Security)– Developers– Testers– Customers
• User Stories / Use Case Development• Architecture Decisions (spikes)• Agree on Threat Modeling standards for the project
– STRIDE priorities– DREAD ratings
27
![Page 29: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/29.jpg)
Release PlanningRelease Planning• User Stories / Use Cases Drive…
– Acceptance Test ScenariosAcceptance Test Scenarios– Estimations may affect priorities and thus the composition of the
release– Inputs for Threat Modelingp g– Security Testing Scenarios– Determine the qualitative “risk budget”
• Keep the customer involved in making risk tradeoffsp g
• Finalize Architecture & Development Guidelines– Common Coding Standards (include security)
• Crucial for collective code ownershipp– Data Classification standards– Conduct Initial Threat Modeling (assets & threats)– Designer’s Security Checklist
28
g y
![Page 30: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/30.jpg)
Iteration PlanningIteration Planning• 1-4 Weeks in Length (2 weeks is very common)
B i ith It ti Pl i M ti• Begins with an Iteration Planning Meeting – User Stories are broken down into Development Tasks– Developers estimate their own tasksp– Document the Attack Surface (Story Level)– Model the threats alongside the user story documentation
• Crucial in documentation-light processesCrucial in documentation light processes• Capture these and keep them
– Code will tell you what decision was made, threat models will tell you why decisions were made
– Crucial for “refactoring” in the face of changing security priorities
• Never Slip the Date– Add or Remove Stories As Necessary
29
Add or Remove Stories As Necessary
![Page 31: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/31.jpg)
Executing an IterationExecuting an Iteration• Daily Stand-ups
• Continuous Integration– Code Scanning ToolsCode Scanning Tools– Security Testing Tools
• Adherence to Common Coding Standards and Security Guidelines– Crucial for communal code ownershipCrucial for communal code ownership
• Developer’s Checklist
30
![Page 32: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/32.jpg)
Closing an Iteration
• Automation of Customer Acceptance Tests– Include negative testing for identified threats
• Security Code Review– Some may have happened informally during pair programming
31
![Page 33: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/33.jpg)
Stabilizing a Release
• Schedule Defects & Vulnerabilities– Prioritize vulnerabilities with client input based on agreed-upon STRIDE and
DREAD t d dDREAD standards
• Security Push– Include traditional penetration testing
32
![Page 34: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/34.jpg)
Compromises We’ve Made
• Feature-focus in iterations removes some “top down” control• More documentation than is required in pure Agile development
– Security coding standards– Data classification standards– Project-specific STRIDE and DREAD standards
U t th t d l– User story threat models
33
![Page 35: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/35.jpg)
Values of an Agile and Secure Process
C i ti• Communication• Simplicity• Feedback• Courage• Trustworthy
34
![Page 36: Agile and SecureAgile and Secure – Can We Be Both?Can We ......Jun 13, 2007 · The Agile PractitionerThe Agile Practitioner s Dilemma ’s Dilemma Agile Forces: More responsive](https://reader034.fdocuments.us/reader034/viewer/2022050417/5f8d1b7bb9f227111b7f711c/html5/thumbnails/36.jpg)
Questions
Dan [email protected](210) 572-4400
Website: www denimgroup comWebsite: www.denimgroup.comBlog 1: www.agileandsecure.comBlog 2: denimgroup.typepad.com
35