Embedding GDPR into the SDLC
Steven Wierckx at AppSec USA 2017
We will map the GDPR requirements to the typical software security activities as part of a Secure Development Lifecycle. This will cover:
• Including the DPO as part of software security governance
• Providing privacy awareness training to developers
• Including privacy in secure coding guidelines
• Including a Privacy Impact Analysis as part of software risk analysis
• Mapping the GDPR to software security requirements
• Applying privacy by design on software architecture
• Including privacy threats in software threat modeling
• Including a privacy security checklist as part of software security testing
• Applying GDPR-specific breach notification requirements to the vulnerability and incident management processes
The talk will focus on practical implementation aspects and demonstrations of real-life use cases encountered in our software security and privacy projects.
Speakers
Steven Wierckx
Consultant, Toreon
Steven Wierckx is an application security expert and trainer at Toreon.com. He is also the project leader for the OWASP threat model project. Steven is a software and security tester with 15 years of experience in programming, training, security testing, and source code review.