SOFTWARE SECURITY,
SECURE SOFTWARE
DEVELOPMENT
in the age of IoT, Smart Things,
embedded applications
some news about software
security in 2015
Cyber-attacks against businesses ‘doubled in 2015’ (VentureBeat)
Should Software Companies Be Legally Liable For Security Breaches? (TechCrunch)
'The IoT is the Internet of Easy Home Hacking' (VentureBeat)
Trends up to 2020
„Like the physical universe, the digital universe is large – by 2020
containing nearly as many digital bits as there are stars in the universe.“
- Market Research EMC/IDC
„By 2020, 100 million light fixtures will be network controlled. At least as
many gaps to access sensitive customer data will emerge.“
- Forbes and On World
25 billion networked devices by 2020
R&D activity in the chip industry
the hardware ecosystems
STM secure MCU line
The ST33TPM12LPC has received security certification based on
the certified TPM protection profile (Revision 116) with
Common Criteria Evaluation Assurance Level (EAL) 4+. This
ensures that the product fully meets TCG certification
requirements, and it is now listed as a Certified TPM by the TCG
organization.
STM's Kerkey: Security Module for
Smart Metering Systems
- Protection profile for the Security Module of a Smart Meter
Gateway (Security Module PP)
- ECC support for NIST-P-256
- Digital signature generation and verification with ECDSA
- Key agreement with Diffie-Hellman (ECKA-ECDH) and ElGamal
(ECKA-EG)
- PACE with ECDH-GM-AES-CBC-CMAC-128 for secure
messaging
- On-chip ECC key pair generation
Embedded Security
Infineon Secure MCU line
Embedded security with Common Criteria certified
platforms OPTIGA™ Trust P – All-in-one device for
Authentication
Infineon IoT landscape
Security matters: The IoT is built on many different
semiconductor technologies, including power management
devices, sensors and microprocessors. Performance and security
requirements vary considerably from one application to
another. One thing is constant, however. And that is the fact that
the success of smart homes, connected cars and Industrie 4.0
factories hinges on user confidence in robust, easy-to-use, fail-
safe security capabilities. The greater the volume of sensitive
data we transfer over the IoT, the greater the risk of data and
identity theft, device manipulation, data falsification, IP theft
and even server/network manipulation.
IoT security
secure software
development approach
Build Your Software Securely
It’s challenging to keep pace with the rapidly changing
development environment while ensuring security and
compliance requirements are not compromised.
The Ten Best Practices for Secure Software
Development
“In the 80’s we wired the world with cables and in the 90’s we
wired the world with computer networks. Today we are wiring
the world with applications (software).
Having a skilled professional capable of designing, developing
and deploying secure software is now critical to this evolving
world.”
Mark Curphey,
Director & Product Unit Manager, Microsoft Corporation,
How to develop software the secure, Gary
McGraw way
Ensuring security in software, Gary McGraw has long argued,
means starting at the code level: That is, build security in from
the start. McGraw, chief technology officer at Cigital Inc. and
recognized as the industry's foremost software security expert,
has said that enterprises too often focus on repairing damage
post-breach and fixing bugs after launch. Instead, he argues,
greater attention to security in the earliest stages of software
development would greatly reduce the percentage of successful
attacks, and minimize damage when malicious hackers do
succeed.
Testing, Inspection and Certification
(TIC) industry role
- Common Criteria -
Why is CC recommended for developers?
1. Common Criteria is a standard for Information Technology
Security Evaluation which is, true to its name, commonly
accepted all over the world, in 25 countries.
2. The standard defines a construct for specifying the security of
a product, either in an implementation-independent structure
called a Protection Profile or in an implementation-dependent
structure called a Security Target, making it possible to create a
security requirement construct that truly fits the product.
3. The security requirements are set up in a system based on the
assets of the product, and the threats to be countered, taking into
consideration the security policies and assumptions, satisfying
the security objectives . . .
Learning the latest technology:
IoT, hardware security, software
security
IoT certification
Learn about IoT device, hardware security...
online courses
sw security
hw security product mgmt
External service providers in the value
chain: Providing Trust - Security
intro DoSell solution providers
Software & IT Security Evaluation Services
A Common Criteria accredited laboratory offers consultancy and
evaluation services as a Certified Evaluation Facility.
• Card applets (ID cards, access cards, signature cards, etc.)
• Detection Devices and Systems (Log analysers, Vulnerability
managers, etc.)
• Data Protection Software (Backup solutions, Cryptographic
solutions, etc.)
• Access control systems (Access analysers, Authentication systems,
Policy managers, etc.)
• Boundary Protection Systems (Software firewalls, Secure messaging
platforms, etc.)
• Other systems (Mobile computing, RFID systems, IoT, embedded
applications, Smart metering, etc.)
Secure Software Development HUB
Back-end architecture development: Java EE - OSGi, node.js
Enterprise Architecture Development end-to-end
Large scale CMS, E-commerce system development
RAD technology (framework)
Rapid application development: Angular JS
In-depth cryptography and software security solutions
for Start-up: up to MVP end to end product design, management
Scrum Project management, and Business Analyst service
Scrum teams outsourcing
CONTACT US
TIBOR.ZAHORECZ@DOSELL.IO
