Presented at
AppSec USA 2017,
Sept. 21, 2017, 2:30 p.m.
(45 minutes).
We will map the GDPR requirements to the typical software security activities as part of a Secure Development Lifecycle. This will cover:
• How to include the DPO as part of the software security governance?
• Providing privacy awareness training to developers
• Including privacy in secure coding guidelines
• Including a Privacy Impact Analysis as part of software risk analysis.
• Mapping the GDPR to software security requirements
• Applying privacy by design on software architecture
• Including privacy threats in software threat modeling
• Including a privacy security checklist as part of software security testing
• Applying GDPR specific breach notification requirements on the vulnerability and incident management processes
The talk will focus on practical implementation aspects and demonstrations of real life use cases encountered in our software security and privacy projects.
More details can be provided in a detailed submission.
Presenters:
-
Steven Wierckx
- Consultant - Toreon
Steven Wierckx is application security expert and training at Toreon.com. He is also the project leader for the OWASP threat model project. Steven is a software and security Tester with 15 years of experience in programming, training, security testing, source code review, test automation, functional and technical analysis, development and database design. Steven has a passion for web application security. He is instructor for several secure coding, mobile app testing and threat modeling courses.
Links:
Similar Presentations: