SlideShare una empresa de Scribd logo

Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak

Descargar como PPT, PDF
Directorate of Information Security | Ditjen Aptika
Directorate of Information Security | Ditjen Aptika

This document discusses guidelines for software security governance and development. It covers topics like strategy and metrics, security requirements, secure architecture, design and code reviews, security testing, vulnerability management, and operational enablement. It also provides examples of implementing account security, session management, and input/output handling securely. One section examines man-in-the-middle attacks and how to design construction and implementation to address such threats.

Tecnología
1 de 15
TATA KELOLA PENGAMANAN PERANGKAT LUNAK Kementrian Komunikasi dan Informatika
Information Security CONFIDENTIAL
Introduction CONFIDENTIAL
Introduction CONFIDENTIAL
Introduction CONFIDENTIAL
Introduction Security Guideline CONFIDENTIAL
Open SAMM Secure Software Development Governance Construction Verification • Strategy & Metrics • Threat Assessment • Policy and Compliance • Security Requirements • • Education and Guidance • Secure Architecture • • Design Review Deployment • Code Review Security Testing Vulnerability Management Environment Hardening • CONFIDENTIAL • Operational Enablement
Information Security Institute Requirement • • • Security Requirement Setting up Phase Gates Risk Assessment Design • • • Identify Design Sec. Req. Arch and Design Review Threat Modeling • Srv. Configuration Review Net. Configuration Review • • • Vulnerability Assessment Fuzzing Coding • • Coding Best Practice Perform Static Analysis CONFIDENTIAL Deployment Testing
FoundStone - McAfee Requirement Design Implementation Verification Release SANS Institute Analysis and Design Develop Testing and Implementation CONFIDENTIAL Deployment Support and Services
How About? Secure Software Development Governance • • • Construction Strategy & Metrics Policy and Compliance Education and Guidance • • • Verification Implementation • Coding w/ Best Practice Guidance • • • • • Threat Assessment Security Requirements Secure Architecture CONFIDENTIAL Deployment Vulnerability Management Environment Hardening Operational Enablement Design Review Code Review Security Testing
Implementation Implementation Account Security Mechanism • • • • • Username & Password Quality Account and Password Ages Policy Lock Account Policy Lockout Duration Transmission Process Session Management • • • • Session Termination Cookies Management Dynamic Token Multiple Session CONFIDENTIAL Input & Output Based Handling • • • • Input Validation Display Error File Validation Meta Character Filtering
Sample Case CONFIDENTIAL
Man in the Middle Attack CONFIDENTIAL
Man in the Middle Attack Threat Assessment Construction Security Requirement Implementation Security Architecture Account Security Mechanism CONFIDENTIAL Session Management
Terima Kasih Q and A CONFIDENTIAL

Recomendados

IPNEC - Security Services
IPNEC - Security ServicesIPNEC - Security Services
IPNEC - Security Services
Abdus Saboor
 
'SecureMe - Droid' Android Security Application by Vishal Asthana
'SecureMe - Droid' Android Security Application by Vishal Asthana'SecureMe - Droid' Android Security Application by Vishal Asthana
'SecureMe - Droid' Android Security Application by Vishal Asthana
OWASP Delhi
 
A Brief Insight into Penetration Testing
A Brief Insight into Penetration TestingA Brief Insight into Penetration Testing
A Brief Insight into Penetration Testing
Vikram Khanna
 
From rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaFrom rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter Chestna
DevSecCon
 
Devops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter Chestna
DevSecCon
 
Continuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-SecurityContinuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-Security
Stephen de Vries
 
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
Black Duck by Synopsys
 
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
Black Duck by Synopsys
 

Recomendados

IPNEC - Security Services
IPNEC - Security ServicesIPNEC - Security Services
IPNEC - Security Services
Abdus Saboor
 
'SecureMe - Droid' Android Security Application by Vishal Asthana
'SecureMe - Droid' Android Security Application by Vishal Asthana'SecureMe - Droid' Android Security Application by Vishal Asthana
'SecureMe - Droid' Android Security Application by Vishal Asthana
OWASP Delhi
 
A Brief Insight into Penetration Testing
A Brief Insight into Penetration TestingA Brief Insight into Penetration Testing
A Brief Insight into Penetration Testing
Vikram Khanna
 
From rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaFrom rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter Chestna
DevSecCon
 
Devops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter Chestna
DevSecCon
 
Continuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-SecurityContinuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-Security
Stephen de Vries
 
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
Black Duck by Synopsys
 
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
Black Duck by Synopsys
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon
 
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
Black Duck by Synopsys
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life
OWASP
 
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017
Suman Sourav
 
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Kyle Lai
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
Veracode
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career path
Vikram Khanna
 
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck HubFLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
Black Duck by Synopsys
 
Testing Tools and Tips
Testing Tools and TipsTesting Tools and Tips
Testing Tools and Tips
SoftServe
 
Security in Android Application
Security in Android ApplicationSecurity in Android Application
Security in Android Application
Rishabh Gupta
 
Managing Open Source in Application Security and Software Development Lifecycle
Managing Open Source in Application Security and Software Development LifecycleManaging Open Source in Application Security and Software Development Lifecycle
Managing Open Source in Application Security and Software Development Lifecycle
Black Duck by Synopsys
 
application firewall research proposal
application firewall research proposalapplication firewall research proposal
application firewall research proposal
Peter Cheung
 
Security testing-What can we do - Trinh Minh Hien
Security testing-What can we do - Trinh Minh HienSecurity testing-What can we do - Trinh Minh Hien
Security testing-What can we do - Trinh Minh Hien
Ho Chi Minh City Software Testing Club
 
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief KarfiantoPractical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfianto
idsecconf
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
 
Introduction to Penetration testing and tools
Introduction to Penetration testing and toolsIntroduction to Penetration testing and tools
Introduction to Penetration testing and tools
Vikram Khanna
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testing
sakshisoni076
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon
 
Why Serverless is scary without DevSecOps and Observability
Why Serverless is scary without DevSecOps and ObservabilityWhy Serverless is scary without DevSecOps and Observability
Why Serverless is scary without DevSecOps and Observability
Eficode
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
1&1
 
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Directorate of Information Security | Ditjen Aptika
 
Tata Kelola Keamanan Informasi
Tata Kelola Keamanan InformasiTata Kelola Keamanan Informasi
Tata Kelola Keamanan Informasi
Directorate of Information Security | Ditjen Aptika
 

Más contenido relacionado

La actualidad más candente

[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life
OWASP
 
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Kyle Lai
 
Managing Open Source in Application Security and Software Development Lifecycle
Managing Open Source in Application Security and Software Development LifecycleManaging Open Source in Application Security and Software Development Lifecycle
Managing Open Source in Application Security and Software Development Lifecycle
Black Duck by Synopsys
 
Security testing-What can we do - Trinh Minh Hien
Security testing-What can we do - Trinh Minh HienSecurity testing-What can we do - Trinh Minh Hien
Security testing-What can we do - Trinh Minh Hien
Ho Chi Minh City Software Testing Club
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
Threat Stack
 

La actualidad más candente (20)

DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
 
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life
 
DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017DevSecOps-OWASP Indonesia Day 2017
DevSecOps-OWASP Indonesia Day 2017
 
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2Pactera - App Security Assessment - Mobile, Web App, IoT - v2
Pactera - App Security Assessment - Mobile, Web App, IoT - v2
 
A Secure DevOps Journey
A Secure DevOps JourneyA Secure DevOps Journey
A Secure DevOps Journey
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career path
 
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck HubFLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
 
Testing Tools and Tips
Testing Tools and TipsTesting Tools and Tips
Testing Tools and Tips
 
Security in Android Application
Security in Android ApplicationSecurity in Android Application
Security in Android Application
 
Managing Open Source in Application Security and Software Development Lifecycle
Managing Open Source in Application Security and Software Development LifecycleManaging Open Source in Application Security and Software Development Lifecycle
Managing Open Source in Application Security and Software Development Lifecycle
 
application firewall research proposal
application firewall research proposalapplication firewall research proposal
application firewall research proposal
 
Security testing-What can we do - Trinh Minh Hien
Security testing-What can we do - Trinh Minh HienSecurity testing-What can we do - Trinh Minh Hien
Security testing-What can we do - Trinh Minh Hien
 
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief KarfiantoPractical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfianto
 
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
8 Patterns For Continuous Code Security by Veracode CTO Chris Wysopal
 
Introduction to Penetration testing and tools
Introduction to Penetration testing and toolsIntroduction to Penetration testing and tools
Introduction to Penetration testing and tools
 
What is penetration testing
What is penetration testingWhat is penetration testing
What is penetration testing
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
 
Why Serverless is scary without DevSecOps and Observability
Why Serverless is scary without DevSecOps and ObservabilityWhy Serverless is scary without DevSecOps and Observability
Why Serverless is scary without DevSecOps and Observability
 
Secure Software Development Lifecycle
Secure Software Development LifecycleSecure Software Development Lifecycle
Secure Software Development Lifecycle
 

Destacado

Destacado (20)

Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
Peningkatan Keamanan Informasi Layanan Publik melalui Indeks KAMI- Kasubdit B...
 
Tata Kelola Keamanan Informasi
Tata Kelola Keamanan InformasiTata Kelola Keamanan Informasi
Tata Kelola Keamanan Informasi
 
Permen Kominfo No 19 Tahun 2014 tentang Penanganan Situs Internet Bermuatan N...
Permen Kominfo No 19 Tahun 2014 tentang Penanganan Situs Internet Bermuatan N...Permen Kominfo No 19 Tahun 2014 tentang Penanganan Situs Internet Bermuatan N...
Permen Kominfo No 19 Tahun 2014 tentang Penanganan Situs Internet Bermuatan N...
 
PENANGANAN SITUS INTERNET BERMUATAN NEGATIF
PENANGANAN SITUS INTERNET BERMUATAN NEGATIFPENANGANAN SITUS INTERNET BERMUATAN NEGATIF
PENANGANAN SITUS INTERNET BERMUATAN NEGATIF
 
Revisi Permenkominfo 5/2015
Revisi Permenkominfo 5/2015Revisi Permenkominfo 5/2015
Revisi Permenkominfo 5/2015
 
sertifikasi personil dalam iso 27001-fetri miftach workshop 7 desember
sertifikasi personil dalam iso 27001-fetri miftach workshop 7 desembersertifikasi personil dalam iso 27001-fetri miftach workshop 7 desember
sertifikasi personil dalam iso 27001-fetri miftach workshop 7 desember
 
DR. Taufik Hasan - Aplikasi Pendukung Interoperabilitas Dokumen untuk Indonesia
DR. Taufik Hasan - Aplikasi Pendukung Interoperabilitas Dokumen untuk IndonesiaDR. Taufik Hasan - Aplikasi Pendukung Interoperabilitas Dokumen untuk Indonesia
DR. Taufik Hasan - Aplikasi Pendukung Interoperabilitas Dokumen untuk Indonesia
 
Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012
Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012
Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012
 
Global informationsecurityissue_ZainalHasibuan
Global informationsecurityissue_ZainalHasibuanGlobal informationsecurityissue_ZainalHasibuan
Global informationsecurityissue_ZainalHasibuan
 
02. R U Sure U R Secure
02. R U Sure U R Secure02. R U Sure U R Secure
02. R U Sure U R Secure
 
Rusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDF
Rusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDFRusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDF
Rusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDF
 
Sovereignty in Cyberspace
Sovereignty in CyberspaceSovereignty in Cyberspace
Sovereignty in Cyberspace
 
Information Security Governance
Information Security GovernanceInformation Security Governance
Information Security Governance
 
Tasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-Government
Tasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-GovernmentTasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-Government
Tasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-Government
 
Personal security
Personal securityPersonal security
Personal security
 
Security Development Life Cycle
Security Development Life CycleSecurity Development Life Cycle
Security Development Life Cycle
 
Protecting Data Privacy
Protecting Data PrivacyProtecting Data Privacy
Protecting Data Privacy
 
Developing a Legal Framework for Privacy
Developing a Legal Framework for PrivacyDeveloping a Legal Framework for Privacy
Developing a Legal Framework for Privacy
 
04. SAKTTI Introduction
04. SAKTTI Introduction04. SAKTTI Introduction
04. SAKTTI Introduction
 
20111214 iisf shinoda_
20111214 iisf shinoda_20111214 iisf shinoda_
20111214 iisf shinoda_
 

Similar a Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak

ONE Conference: Vulnerabilities in Web Applications
ONE Conference: Vulnerabilities in Web ApplicationsONE Conference: Vulnerabilities in Web Applications
ONE Conference: Vulnerabilities in Web Applications
Netcetera
 
Application_security_Strategic
Application_security_StrategicApplication_security_Strategic
Application_security_Strategic
Ramesh VG
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
Cprime
 
Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product Security
SoftServe
 
Auxenta Services
Auxenta ServicesAuxenta Services
Auxenta Services
Sam Salazar
 
Implementing an Application Security Pipeline in Jenkins
Implementing an Application Security Pipeline in JenkinsImplementing an Application Security Pipeline in Jenkins
Implementing an Application Security Pipeline in Jenkins
Suman Sourav
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
David Lindner
 
SAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySAP Concur’s Cloud Journey
SAP Concur’s Cloud Journey
SBWebinars
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
Brian Levine
 

Similar a Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak (20)

ONE Conference: Vulnerabilities in Web Applications
ONE Conference: Vulnerabilities in Web ApplicationsONE Conference: Vulnerabilities in Web Applications
ONE Conference: Vulnerabilities in Web Applications
 
Application_security_Strategic
Application_security_StrategicApplication_security_Strategic
Application_security_Strategic
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
 
Digital Product Security
Digital Product SecurityDigital Product Security
Digital Product Security
 
ОЛЬГА АКСЬОНЕНКО «Безпечна розробка програмного забезпечення в Agile проектах...
ОЛЬГА АКСЬОНЕНКО «Безпечна розробка програмного забезпечення в Agile проектах...ОЛЬГА АКСЬОНЕНКО «Безпечна розробка програмного забезпечення в Agile проектах...
ОЛЬГА АКСЬОНЕНКО «Безпечна розробка програмного забезпечення в Agile проектах...
 
OctaviusWaltonResume
OctaviusWaltonResumeOctaviusWaltonResume
OctaviusWaltonResume
 
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
Auxenta Services
Auxenta ServicesAuxenta Services
Auxenta Services
 
Professional and Technology Services
Professional and Technology ServicesProfessional and Technology Services
Professional and Technology Services
 
Implementing an Application Security Pipeline in Jenkins
Implementing an Application Security Pipeline in JenkinsImplementing an Application Security Pipeline in Jenkins
Implementing an Application Security Pipeline in Jenkins
 
Agile and Secure SDLC
Agile and Secure SDLCAgile and Secure SDLC
Agile and Secure SDLC
 
Secure your Azure and DevOps in a smart way
Secure your Azure and DevOps in a smart waySecure your Azure and DevOps in a smart way
Secure your Azure and DevOps in a smart way
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
SAP Concur’s Cloud Journey
SAP Concur’s Cloud JourneySAP Concur’s Cloud Journey
SAP Concur’s Cloud Journey
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
 
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsDevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
 
Vinoth babu b new
Vinoth babu b newVinoth babu b new
Vinoth babu b new
 
Vinoth Babu B-New
Vinoth Babu B-NewVinoth Babu B-New
Vinoth Babu B-New
 
Vinoth babu b new
Vinoth babu b newVinoth babu b new
Vinoth babu b new
 

Más de Directorate of Information Security | Ditjen Aptika

Más de Directorate of Information Security | Ditjen Aptika (20)

Sosialisasi Keamanan Informasi_Sektor Kesehatan
Sosialisasi Keamanan Informasi_Sektor KesehatanSosialisasi Keamanan Informasi_Sektor Kesehatan
Sosialisasi Keamanan Informasi_Sektor Kesehatan
 
Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
Sosialisasi Keamanan Informasi_Penyelenggaraan TelekomunikasiSosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi
 
Sosialisasi Keamanan Informasi_Sektor Tranportasi
Sosialisasi Keamanan Informasi_Sektor TranportasiSosialisasi Keamanan Informasi_Sektor Tranportasi
Sosialisasi Keamanan Informasi_Sektor Tranportasi
 
Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara
Sosialisasi Keamanan Informasi_Bidang Perhubungan UdaraSosialisasi Keamanan Informasi_Bidang Perhubungan Udara
Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara
 
Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
Sosialisasi Keamanan Informasi_Bidang Mineral dan BatubaraSosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara
 
Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
Sosialisasi Keamanan Informasi_Bidang KetenagalistrikanSosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan
 
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...
 
Fetri Miftach_Uji publik rpm tata kelola
Fetri Miftach_Uji publik rpm tata kelolaFetri Miftach_Uji publik rpm tata kelola
Fetri Miftach_Uji publik rpm tata kelola
 
Hasyim Gautama_Tata kelola tik 20151118
Hasyim Gautama_Tata kelola tik 20151118Hasyim Gautama_Tata kelola tik 20151118
Hasyim Gautama_Tata kelola tik 20151118
 
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasiStandar rujukan keamanan informasi sub sektor perangkat telekomunikasi
Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made WiryawanDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior LazuardiDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi
 
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim GautamaDiskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama
 
Teguh arifiyadi ls skse
Teguh arifiyadi ls skseTeguh arifiyadi ls skse
Teguh arifiyadi ls skse
 
Konny sagala skema kelaikan se
Konny sagala skema kelaikan seKonny sagala skema kelaikan se
Konny sagala skema kelaikan se
 
Intan rahayu tata cara sertifikasi kelaikan sistem elektronik
Intan rahayu tata cara sertifikasi kelaikan sistem elektronikIntan rahayu tata cara sertifikasi kelaikan sistem elektronik
Intan rahayu tata cara sertifikasi kelaikan sistem elektronik
 
Uji Publik RPM SMPI Fetri Miftah
Uji Publik RPM SMPI Fetri MiftahUji Publik RPM SMPI Fetri Miftah
Uji Publik RPM SMPI Fetri Miftah
 
RPM SMPI 20150805 Hasim Gautama
RPM SMPI 20150805 Hasim GautamaRPM SMPI 20150805 Hasim Gautama
RPM SMPI 20150805 Hasim Gautama
 
SNI ISO 27001 Anwar Siregar
SNI ISO 27001 Anwar SiregarSNI ISO 27001 Anwar Siregar
SNI ISO 27001 Anwar Siregar
 
RPM SMPI
RPM SMPIRPM SMPI
RPM SMPI
 

Último

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Último (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Adopsi Open SAMM untuk Pengembangan Tata Kelola Pengamanan Perangkat Lunak