
Security requirements sprint

The first step for making your application secure by design!

After selecting the view button we find the sprint summary. Here the security requirements are correlated to knowledgebase items to give more in-depth information about the attack vectors that correspond with that item, as well as the solutions for mitigating those attacks in the code.

[Image: asdasdasas.png (https://files.readme.io/d9fb551-asdasdasas.png)]

If we now select the status tab, which is highlighted in red, we can add comments to this particular security requirement and change its status to either "Closed", "Accepted" or "Re-open". The comments provided to these audits are very important for keeping a good audit trail of what is going on with the application and the requirements. If done correctly, the developers and security specialists can really learn from each other and look into the steps taken to effectively mitigate the vulnerabilities. Now, when selecting the audit log tab, we can look into the audit log trails.

[Image: project_summary_1.png (https://files.readme.io/51fe09a-project_summary_1.png)]

The screenshot below shows the audit trail for the correlating security requirement. If done correctly, this can also be very valuable in identifying potential technical debt from developers and determining whether they need additional training in certain areas.

[Image: project_summary_2.png (https://files.readme.io/bc8014c-project_summary_2.png)]

The application can also be used by security specialists verifying the items closed by developers. As soon as a developer closes an item it gets a green icon, meaning it is open for verification by a security specialist. Whenever the security specialist visits this page, he switches his role by selecting the button highlighted in red. After selecting this button the status buttons change to "Verify" and "Failed".

[Image: project_summary_3.png (https://files.readme.io/dc2c4a6-project_summary_3.png)]

After failing a "ticket" it gets a red button with a cross and is also reflected in a special "Failed items summary". The sprint status is also changed and shows that it has failed items, as seen in the screenshot below highlighted in blue.

[Image: FAIL.png (https://files.readme.io/4bed41e-FAIL.png)]

When clicking this button it shows us a different summary.