Roles: Cyber-Security-Engineer
- Architectural Security Best Practices
Intended to be read after Secure Design Best Practices, this page may be useful to architects who are part of a software development team: the weaknesses it covers are addressed by known security tactics, which helps the architect embed security throughout the initial design process.
- Attack Surface Analysis
Performing an Attack Surface Analysis includes analyzing the security architecture to identify and document product interfaces and surfaces that could be attacked, and considering whether the planned security measures will provide enough protection against attacks on these surfaces.
- Cyber Security
To help our customers protect their critical systems and sensitive information from digital attacks, security has to be built into our products.
Therefore, the Cyber Security process is an integrated part of most of the PCP R&D processes.
This page contains an overview of security-related activities within PCP R&D, and additional information can be found under the respective process area in the QMS.
- Cyber Security Assessment
All ABB products or system offerings which are software-related need to fulfill some mandatory cyber security requirements as described in the CFSCP02 Information & Cyber Security Policy.
- Cyber Security Course Path
This guide gives an overview of the suggested course path for education about the cyber security lifecycle for teams that work with ABB products, systems, or solution offerings that are software-related.
- Cyber Security Engineer
The cyber security engineer is knowledgeable in product-related security issues and assists other roles with writing cyber security requirements, secure design, secure coding practices, security testing of software for products or systems, and product maintenance, e.g., vulnerability handling.
- How-to Initiate a Project
When starting a new project, there are several tasks to be performed to ensure that tools and systems are well set up when M0/G0, M1/G1, and M2/G2 are reached.
- How-to Perform Binary Composition Analysis with BDBA
Binary composition analysis is a method used to examine the components inside binary files to detect and manage security risks. This guide describes how to perform such analysis with Black Duck Binary Analysis (BDBA).
- How-to Use the ABB Cyber Security Assessment Tool Importer
The ABB Cyber Security Assessment Tool Importer is an internal utility tool used to import the security requirements from various assessment spreadsheets into Azure DevOps (ADO) as security work items.
- Secure Coding Guideline
Secure coding standards are guidelines, best practices, and coding conventions that can be used by software developers to prevent security vulnerabilities and improve the overall quality of the software during the software design & development phases.
- Secure Coding Guideline, .NET
This document describes the secure coding guidelines for the .NET programming language. Some of the guidelines are generic, whereas some are specific to the .NET programming language.
- Secure Coding Guideline, ReactJS
This document describes the secure coding guidelines for ReactJS. Some of the guidelines are generic, whereas others are specific to ReactJS.
- Secure Design Best Practices
This chapter gives some basic best practices for a secure software design. Assessing how security is addressed in the design of a product is one important step to ensure that the product meets the best security level, and it can be done at various points in a product lifecycle.
- Security Criticality Analysis
The Security Criticality Analysis is performed to identify which components in a product need extra attention when trying to minimize the risk of vulnerabilities.
- Security Testing Guideline
Introduction
- SW Development Security Best Practices
Intended to be read after Secure Design Best Practices, this page describes some weaknesses around concepts that are frequently used or encountered in software development environments. This includes all aspects of the software development lifecycle, including implementation.