A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


The Insecure Software Development Lifecycle: How to find, fix, and manage deficiencies within an existing methodology. - April C. Wright (ShowMeCon 2018) (Hacking Illustrated Series InfoSec Tutorial Videos)

The Insecure Software Development Lifecycle: How to find, fix, and manage deficiencies within an existing methodology.
April C. Wright
ShowMeCon 2018

As security practitioners, we know what "secure software" is, but we do not always know how to actually achieve software assurance in the way we want it. Many valid questions arise when trying to fix a development function that does not think it has time or resources to create securely: How should you evaluate an existing software development program? What do you do once you,ve identified deficiencies in a process? How do you inject security into the organization,s framework? When insecure methods for creating and maintaining software have already been established, but the program does not include security or compliance, there are practical techniques you can use to elicit change, such as obtaining buy-in from stakeholders and closing process gaps. Any existing software development methodology can be updated to ensure security becomes a mandatory consideration at every step of the SDLC.

Bio: April C. Wright is an author, teacher, community leader, and hacker who has been a generalist for the last 25+ years, breaking, making, fixing, and defending "all the things" while playing security roles on offensive, defensive, operational, and development teams throughout her career. She travels the globe teaching others about Information Security, with the goal of protecting both your personal privacy as well as our most important assets to make the digital components that impact our lives safer and more secure. April has been a speaker and contributor at security conferences including BlackHat, DEF CON, DefCamp, and DerbyCon, as well as cybersecurity organizations such as OWASP and ISSA. She has started multiple small businesses including a non-profit, is a member of the DEF CON Groups Core Team, and in 2017, she co-founded the Boston DEF CON Group DC617. While she most recently has been working with Verizon to build more secure software from the ground up through SDLC programs, creating governance and compliance processes, and performing risk reduction with a vengeance via leadership of comprehensive security programs for massive global infrastructures, she is a polymath who specializes in seemingly nothing (except perhaps learning about everything in the hope of sharing and employing knowledge). April has collected dozens of certifications to add letters at the end of her name, from Operating Systems to Social Engineering to Cloud Security to First Aid to Photography. She almost died in Dracula's secret staircase, and once read on teh interwebs, that researchers at the University of North Carolina released a comprehensive report in 2014 confirming that she is the "most significant and interesting person currently inhabiting the earth", so it must be true.

Back to ShowMeCon 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast