XP and Software Security?!
You gotta be kidding

Software Security meets XP

Slide 3

Old school security is reactive

Security goals

Traditional software project goals

XP software project goals

The classic security tradeoff

Modern security is about managing risks

Why software security is hard

Slide 11

Technology choices are glossed

Sociology problems

Security problems are complicated

BUG: The dreaded buffer overflow

Pervasive C problems

FLAW: Architectural problems with Java

Slide 18

Reaching for the brass ring

Ten guiding principles for secure design

Twelve guidelines for writing safer Java

Problem: Serialization

Fix: Serialization

Fix: Serialization

Slide 25

Software security big picture

On software security training

XP mentorship paradigm

Classic architectural analysis

Test driven “design”

The problem of design artifacts (BDUF lives)

Refactoring

Slide 33

Cost over time, the XP view

Classic code review

Continuous code review in XP

Requirements for a holistic review

How security testing should work

Test driven design (reprise)

Integrating software security

Cigital focuses on analyzing artifacts

XP and cross-project comparison

Beware of snake oil

Pointers