The Secure SDLC Panel Real answers from real experience

The Secure SDLC Panel Real answers from real experience

OWASP Europe Tour 2013 Geneva The OWASP Foundation http://www.owasp.org OpenSAMM Software Assurance Maturity Model Seba Deleersnyder [email protected] OWASP Foundation Board Member OWASP Belgium Chapter Leader SAMM project co-leader Billing APPLICATION ATTACK Human Resrcs Custom Developed Application Code Directories Your security perimeter has huge holes at the application layer Databases Legacy Systems Web Services Application Layer The web application security challenge Web Server Hardened OS Firewall Firewall

Network Layer App Server You cant use network layer protection (firewall, SSL, IDS, hardening) to stop or detect application layer attacks D B T SAMM Build in software assurance proactive reactive security coding guidelines security testing requirements / code reviews dynamic test threat modeling static test tools tools Design Build Test Secure Development Lifecycle (SAMM) 3 vulnerability scanning WAF Production P CLASP Comprehensive, Lightweight Application Security Process Centered around 7 AppSec Best Practices

Cover the entire software lifecycle (not just development) Adaptable to any development process Defines roles across the SDLC 24 role-based process components Start small and dial-in to your needs Microsoft SDL Built internally for MS software Extended and made public for others MS-only versions since public release Touchpoints Gary McGraws and Cigitals model BSIMM Gary McGraws and Cigitals model Quantifies activities of software security initiatives of 51 firms Derived from SAMM beta BSI MM SAMM BSI MM Code SAMM Code SMCode 3.2 - Code SM 3.2 - T 3.3 3.3 CRT1.1 CR- 1.A 1.A CRCR 1.21.1 CRCR 1.B 1.B CRCR 1.41.2 CRCR 2.A 2.A CRCR 3.11.4 CRCR 3.A 3.A

CRCR 3.33.1 CRCR 3.A 3.A CRCR 2.33.3 CRCR 3.B 3.B AACR 1.12.3 DRCR 1.B 1.B AAAA 2.11.1 DRDR 2.A 2.A AAAA 1.22.1 DRDR 2.B 2.B AAAA 1.31.2 DRDR 2.B 2.B AAAA 2.21.3 DRDR 3.A 2.2 EGDR 3.A SMAA 1.3 1.A SM 1.3 EGEG 1.A T 1.1 1.A T 1.1 1.A T 2.5 EGEG 1.A 2.5 1.A SRT1.1 EGEG 1.B

1.B SRSR 1.21.1 EGEG 1.B 1.2 EGEG 1.B CPSR 2.5 2.A CP 2.5 EGEG 2.A T 2.1 2.A T 2.1 2.A T 2.2 EGEG 2.A T 2.2 2.A T 2.4 EGEG 2.A T 2.4 2.A T 3.2 EGEG 2.A T 3.2 2.A T 3.4 EGEG 2.A 3.4 2.A AAT2.3 EGEG 2.B 2.B AAAA 3.12.3 EGEG 2.B 3.1 EGEG 2.B AMAA 2.4

2.B 2.B CRAM 2.52.4 EGEG 2.B 2.5 EGEG 2.B SMCR 2.3 2.B SM 2.3 EGEG 2.B T 1.3 2.B T 1.3 EG 2.B BSI MM Activity O penSAMM Activity MM Activity OpenSAMM Activity run external marketing BSI program 0 runexternal externalsoftw marketing program host are security events 0 0 host top external softw security events (T: training) 0 create N bugs list are (real data preferred) Create review checklists from know n security requirements create N bugs

(real data preferred) (T: training) Perform Createpoint-review review checklists from know have SSGtop perform adlist hoc review of high-risk coden security requirements have SSG perform hoc w review Perform point-review of high-risk code use automated tools ad along ith manual review Utilize automated code analysis tools use automated tools along w ith rules manual review Utilize automated code for analysis tools use automated tools w ith tailored Customize

code analysis application-specifi c concerns usecapability automated w ith tailored Customize code analysis application-specifi c concerns build fortools eradicating specificrules bugs from entire codebase Customize code analysis forfor application-specifi c concerns buildcode capability eradicating c bugs from entire codebase Customize codegates analysis for application-specifi c concerns make reviewfor mandatory forspecifi all projects Establish release for code review make code review mandatory Establish release gates

for ncode review perform security feature review for all projects Analyze design against know security requirements perform feature review Analyze against knowof n security mechanisms requirements defi n e/ use security AA process I nspect fordesign complete provision defin e/design use AA review processfor high-risk applications I nspect for complete provision of security mechanisms perform Deploy design review service for project teams perform design review Deploy design review

service project teams have SSG lead review effofor rts high-risk applications Deploy design review service forfor project teams have SSG lead review eff o rts Deploydata-fl design service for project teams standardize architectural descriptions (include data flo w ) Develop o wreview diagrams for sensitive resources standardize architectural descriptions (include data flo w )Conduct Develop data-flo security w diagrams for sensitive resources educate executives technical aw areness training educate Conduct technical

security areness training provide aw executives areness training Conduct technical security awaw areness training provide aw areness training Conduct technical security areness training hold satellite training/ events Conduct technical security awaw areness training hold security satellite standards training/events Conduct technicaltechnical security guidelines aw areness training create (T: sec features/ design) Build and maintain create security standards (T: sec features/design) Build and maintain

technical guidelines create security portal Build and maintain technical guidelines create executive security portal Build and maintain technical guidelines promote aw areness of compliance/ privacy obligations Conduct role-specifi c application security training executive aw areness of compliance/ privacy obligations Conduct role-specifi c application security training offepromote r role-specifi c advanced curriculum (tools, technology stacks, Conduct bugrole-specifi parade) c application security training offe r role-specifi c advanced (tools, technology stacks, Conduct

bug role-specifi parade)c application c application security training create/ use material specific tocurriculum company history Conduct role-specifi security training material specifi c to company history Conduct role-specifi c application security training offecreate/use r on-demand individual training Conduct role-specifi c application security training offe r on-demand training Conduct role-specifi c application security training provide training forindividual vendors or outsource w orkers Conduct role-specifi c application security

training provide training for vendors or outsource w orkers Conduct role-specifi c application security training require annual refresher Conduct role-specifi c application security training require refresher Conduct role-specifi c application make SSGannual available as AA resource/mentor Utilize security coaches to enhancesecurity project training teams make SSG available as lead AA resource/ mentor Utilize security coaches enhance project teams have softw

are architects review eff o rts Utilize security coaches to to enhance project teams have softw are architects lead review(T: effo rts Utilize security coaches enhance project teams build internal forum to discuss attacks standards/ req) Utilize security coaches to to enhance project teams build tool internal forum to dis cuss attacks (T: standards/req)Utilize Utilize security coaches enhance project teams

assign mentors security coaches to to enhance project teams assign Utilize security coaches enhance project teams create or tool growmentors social netw ork/satellite system Utilize security coaches to to enhance project teams create or grow Utilize security coaches enhance project teams establish SSG offi cesocial hoursnetw ork/ satellite system Utilize security coaches to to enhance project teams

establish SSG offi ce hours Utilize security coaches to enhance project teams BSIMM Open SAMM Mapping Lessons Learned Microsoft SDL Heavyweight, good for large ISVs Touchpoints High-level, not enough details to execute against BSIMM Stats, but what to do with them? CLASP Large collection of activities, but no priority ordering ALL: Good for experts to use as a guide, but hard for non-security folks to use off the shelf D B T P SAMM We need a Maturity Model An organizations behavior changes slowly over time Changes must be iterative while working toward long-term goals There is no single recipe that works for all organizations A solution must enable riskbased choices tailored to the

organization Guidance related to security activities must be prescriptive A solution must provide enough details for nonsecurity-people Overall, must be simple, welldefined, and measurable OWASP Software Assurance Maturity Model (SAMM) https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model D B T SAMM SAMM Security Practices From each of the Business Functions, 3 Security Practices are defined The Security Practices cover all areas relevant to software security assurance Each one is a silo for improvement P D B T SAMM Under each Security Practice

Three successive Objectives under each Practice define how it can be improved over time This establishes a notion of a Level at which an organization fulfills a given Practice The three Levels for a Practice generally correspond to: (0: Implicit starting point with the Practice unfulfilled) 1: Initial understanding and ad hoc provision of the Practice 2: Increase efficiency and/or effectiveness of the Practice 3: Comprehensive mastery of the Practice at scale P D B T SAMM Per Level, SAMM defines... Objective

Activities Results Success Metrics Costs Personnel Related Levels P D B T P SAMM Strategy & Metrics 1 D B T P SAMM Policy & Compliance 1 D B T P SAMM Education & Guidance 1 D B

T P SAMM Education & Guidance ve a man a fish and you feed him for a day; ach a man to fish and you feed him for a lifetime. A1: Injection A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Failure to Restrict URL Access A8: Insecure Cryptographic Storage A9: Insufficient Transport Layer Protection A10:

Unvalidated Redirects and Forwards inese proverb Resources: OWASP Top 10 OWASP Education WebGoat https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project https://www.owasp.org/index.php/Category:OWASP_Education_Project https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project D B T P SAMM OWASP Cheat Sheets Developer Cheat Sheets (Builder) Authentication Cheat Sheet Choosing and Using Security Questions Cheat Sheet Cross-Site Request Forgery (CSRF) Prevention Cheat Cryptographic Storage Cheat Sheet DOM based XSS Prevention Cheat Sheet Forgot Password Cheat Sheet HTML5 Security Cheat Sheet Input Validation Cheat Sheet JAAS Cheat Sheet Logging Cheat Sheet OWASP Top Ten Cheat Sheet Query Parameterization Cheat Sheet Session Management Cheat Sheet

SQL Injection Prevention Cheat Sheet Transport Layer Protection Cheat Sheet Web Service Security Cheat Sheet XSS (Cross Site Scripting) Prevention Cheat Sheet User Privacy Protection Cheat Sheet Assessment Cheat Sheets (Breaker) Sheet Attack Surface Analysis Cheat Sheet XSS Filter Evasion Cheat Sheet Mobile Cheat Sheets IOS Developer Cheat Sheet Mobile Jailbreaking Cheat Sheet Draft Cheat Sheets Access Control Cheat Sheet Application Security Architecture Cheat Sheet Clickjacking Cheat Sheet Password Storage Cheat Sheet PHP Security Cheat Sheet REST Security Cheat Sheet Secure Coding Cheat Sheet Secure SDLC Cheat Sheet Threat Modeling Cheat Sheet Virtual Patching Cheat Sheet Web Application Security Testing Cheat Sheet https://www.owasp.org/index.php/Cheat_Sheets D B T P SAMM Threat Assessment 1 D B T P

SAMM Security Requirements 1 D B T P SAMM Secure Coding Practices Quick Reference Guide Technology agnostic coding practices What to do, not how to do it Compact, but comprehensive checklist format Focuses on secure coding requirements, rather then on vulnerabilities and exploits Includes a cross referenced glossary to get developers and security folks talking the same language https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide D B T

P SAMM Secure Architecture 2 D B T P SAMM The OWASP Enterprise Security API Custom Enterprise Web Application SecurityConfiguration IntrusionDetector Logger Exception Handling Randomizer EncryptedProperties Encryptor HTTPUtilities Encoder Validator AccessReferenceMap AccessController User Authenticator

Enterprise Security API Existing Enterprise Security Services/Libraries https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API D B T P SAMM Design Review 2 D B T P SAMM Code Review 2 D B T P SAMM Code Review SDL Integration: Multiple reviews defined as deliverables in your SDLC Structured, repeatable process with management support Reviews are exit criteria for the development and test phases Resources:

OWASP Code Review Guide https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project D B T SAMM Code review tooling Code review tools: OWASP LAPSE (Security scanner for Java EE Applications) MS FxCop / CAT.NET (Code Analysis Tool for .NET) Agnitio (open source Manual source code review support tool) https://www.owasp.org/index.php/OWASP_LAPSE_Project http://www.microsoft.com/security/sdl/discover/implementation.aspx http://agnitiotool.sourceforge.net/ P D B T P SAMM Security Testing 2 D B

T SAMM Security Testing SDL Integration: Integrate dynamic security testing as part of you test cycles Derive test cases from the security requirements that apply Check business logic soundness as well as common vulnerabilities Review results with stakeholders prior to release Resources: OWASP ASVS OWASP Testing Guide https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project https://www.owasp.org/index.php/OWASP_Testing_Project P D B T P SAMM Security Testing Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications

Provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually Features: Intercepting proxy Automated scanner Passive scanner Brute force scanner Spider Fuzzer Port scanner Dynamic SSL Certificates API Beanshell integration https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project D B T P SAMM Vulnerability Management 3 D B T P SAMM Environment Hardening 3 D B T

P SAMM Web Application Firewalls Malicious web traffic Legitimate web traffic Port 80 Web client (browser) Network Firewall Web Application Firewall Web Server ModSecurity: Worlds No 1 open source Web Application Firewall www.modsecurity.org HTTP Traffic Logging Real-Time Monitoring and Attack Detection Attack Prevention and Just-in-time Patching Flexible Rule Engine Embedded Deployment (Apache, IIS7 and Nginx) Network-Based Deployment (reverse proxy) OWASP ModSecurity Core Rule Set Project, generic, plug-n-play set of WAF rules https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Projec D B T P SAMM Operational Enablement

3 150+ OWASP Projects PROTECT Tools: AntiSamy Java/:NET, Enterprise Security API (ESAPI), ModSecurity Core Rule Set Project Docs: Development Guide, .NET, Ruby on Rails Security Guide, Secure Coding Practices - Quick Reference Guide DETECT Tools: JBroFuzz, Lice CD, WebScarab, Zed Attack Proxy Docs: Application Security Verification Standard, Code Review Guide, Testing Guide, Top Ten Project LIFE CYCLE SAMM, WebGoat, Legal Project Mapping Projects / SAMM Project Project AntiSamy AntiSamy Enterprise Security API Enterprise Security API ModSecurity Core Rule Set ModSecurity Core Rule Set CSRFGuard CSRFGuard Web Testing Environment Web Testing Environment WebGoat WebGoat Zed Attack Proxy Zed Attack Proxy Application Security Verification Standard Application Security Verification Standard Application Security Verification Standard Application Security Verification Standard Application Security Verification Standard Application Security Verification Standard Code Review Guide Code Review Guide Codes of Conduct Codes of Conduct Development Guide Development Guide Secure Coding Practices - Quick Reference Guide Secure Coding Practices - Quick Reference Guide

Softw are Assurance Maturity Model Softw are Assurance Maturity Model Testing Guide Testing Guide Top Ten Top Ten Type Level SAMM Practice Remarks Type Level SAMM Practice Remarks Code Flagship SA2 Code Flagship SA2 Project Code Flagship SA3 Project Code Flagship SA3 Broken Web Applications Broken Web Applications Code Flagship EH3 Code Flagship EH3 CSRFTester CSRFTester EnDe Code Flagship SA2 EnDe Code Flagship SA2 Fiddler Addons for Security Testing Tools Flagship ST2 Fiddler Addons for Security Testing Tools Flagship ST2 Forward Exploit Tool Tools Flagship EG2 Forward Exploit Tool Tools Flagship EG2 Hackademic Challenges

Hackademic Challenges Tools Flagship ST2 Datafiddler Tools Flagship ST2 Hatkit Hatkit Datafiddler Hatkit Proxy Documentation Flagship DR2 ASVS-L4 Hatkit Proxy Documentation Flagship DR2 HTTP ASVS-L4 POST Documentation Flagship CR3 ASVS-L4 HTTP POST Documentation Flagship CR3 Java XML Templates ASVS-L4 Documentation Flagship ST3 Java XMLASVS-L4 Templates Documentation Flagship ST3 JavaScript Sandboxes ASVS-L4 JavaScript Sandboxes Documentation Flagship CR1 Vulnerability Scanner Documentation Flagship CR1 Joomla Joomla Vulnerability Scanner LAPSE Documentation Flagship not applicable LAPSE Documentation Flagship notFramework applicable Mantra Security Documentation Flagship EG1 Mantra Security Framework Documentation Flagship EG1 Multil idea Documentation Flagship SR1 Multil idea

Documentation Flagship SR1 O2 O2 Documentation Flagship SM1 Recursiveness :-) Documentation Flagship SM1 Orizon Orizon Recursiveness :-) Srubbr Documentation Flagship ST1 Srubbr Documentation Flagship ST1 Security Assurance Testing of Virtual Worlds Documentation Flagship EG1 Security Assurance Testing of Virtual Worlds Documentation Flagship EG1 Vicnum Vicnum Wapiti Wapiti Web Browser Testing System Web Browser Testing System WebScarab WebScarab Webslayer Webslayer WSFuzzer WSFuzzer Yasca Yasca AppSec Tutorials AppSec Tutorials AppSensor AppSensor AppSensor AppSensor Cloud 10 Cloud 10 CTF CTF Fuzzing Code Fuzzing Code Legal Legal Podcast Podcast Virtual Patching Best Practices Virtual Patching Best Practices

Type Level Type Level Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs

Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs

Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Tools Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs Documentation Labs SAMM Practice Remarks SAMM Practice Remarks EG1 EG1 ST1 ST1 ST1 ST1 ST1 ST1 ST1

ST1 EG1 EG1 ST1 ST1 ST1 ST1 ST1 ST1 SA2 SA2 not applicable not applicable ST1 ST1 CR2 CR2 ST1 ST1 EG1 EG1 ST2 ST2 CR2 CR2 ST1 ST1 ST1 ST1 EG1 EG1 ST1 ST1 ST1 ST1 ST1 ST1 ST1 ST1 ST1 ST1 CR2 CR2 EG1 EG1 EH3

EH3 SA2 SA2 EG1 EG1 EG1 EG1 ST1 ST1 SR3 SR3 EG1 EG1 EH3 EH3 3 Coverage Strategy & Metrics Strategy & Metrics SM1 1 SM1 1 SM2 0 SM2 0 SM3 0 SM3 0 Threat Assessment Threat Assessment TA1 0 TA1 0 TA2 0 TA2 0 TA3 0

TA3 0 Design Review Design Review DR1 0 DR1 0 DR2 1 DR2 1 DR3 0 DR3 0 1 0 1 Governance Governance Policy & Compliance Policy & Compliance PC1 0 PC1 0 PC2 0 PC2 0 PC3 0 PC3 0 1 0 1

Construction Construction Security Requirements Security Requirements SR1 1 SR1 1 SR2 0 SR2 0 SR3 1 SR3 1 Verification Verification Code Review Code Review CR1 1 CR1 1 CR2 3 CR2 3 CR3 1 CR3 1 0 2 5 Education & Guidance Education & Guidance EG1 10 EG1 10 EG2

1 EG2 1 EG3 0 EG3 0 0 Security Architecture Security Architecture SA1 0 SA1 0 SA2 4 SA2 4 SA3 1 SA3 1 2 Security Testing Security Testing ST1 18 ST1 18 ST2 3 ST2 3 ST3 1 ST3 1 5 11 11 12 12 5

7 5 22 22 Deployment Deployment Vulnerability Management Environment Hardening Operational Hardening Vulnerability Management Environment Hardening Operational Hardening VM1 0 EH1 0 OE1 0 VM1 0 EH1 0 OE1 0 VM2 0 EH2 0 OE2 0 VM2 0 EH2 0 OE2 0 VM3 0 EH3 3 OE3 0 VM3 0

EH3 3 OE3 0 0 3 0 0 3 0 7 28 28 3 3 3 D B T SAMM Get started Step 1: questionnaire as-is Step 2: define your maturity goal Step 3: define phased roadmap P D B

T SAMM Conducting assessments SAMM includes assessment worksheets for each Security Practice P D B T SAMM Assessment process Supports both lightweight and detailed assessments P D B T SAMM Creating Scorecards Gap analysis Capturing scores from detailed assessments versus expected performance levels Demonstrating improvement Capturing scores from before and after an iteration of assurance program build-out Ongoing measurement Capturing scores over consistent time frames for an assurance program that is already in place P D B

T SAMM Roadmap templates To make the building blocks usable, SAMM defines Roadmaps templates for typical kinds of organizations Independent Software Vendors Online Service Providers Financial Services Organizations Government Organizations Tune these to your own targets / speed P SAMM Resources www.opensamm.org Presentations Tools Assessment worksheets / templates Roadmap templates Scorecard chart generation Translations (Spanish / Japanese) SAMM mappings to ISO/EIC 27034 / BSIMM 4 Critical Success Factors Get initiative buy-in from all stakeholders Adopt a risk-based approach

Awareness / education is the foundation Integrate security in your development / acquisition and deployment processes Provide management visibility 4 Project Roadmap Build the SAMM community: List of SAMM adopters Workshops at AppSecEU and AppSecUSA V1.1: Incorporate tools / guidance / OWASP projects Revamp SAMM wiki V2.0: Revise scoring model Model revision necessary ? (12 practices, 3 levels, ...) Application to agile Roadmap planning: how to measure effort ? Presentations & teaching material 4 Get involved Use and donate back! Attend OWASP chapter meetings and conferences Support OWASP become personal/company member https://www.owasp.org/index.php/Membership Q&A Thank you @sebadele [email protected] [email protected] www.linkedin.com/in/sebadele

Recently Viewed Presentations

  • S1 Science Acids and Bases REVISION NEW LEARNING

    S1 Science Acids and Bases REVISION NEW LEARNING

    Common laboratory acids include hydrochloric acid, sulphuric acid and nitric acid Experiment Test the pH of some household acids and compare them to the pH of laboratory acids
  • Hellp Syndrome- a Therapeutic Challenge

    Hellp Syndrome- a Therapeutic Challenge

    HELLP Syndrome- A Therapeutic Challenge Layali Jodeh Razan Malhees 5th year mdical students ERITHROCYTIC MORPHOLOGY PLATELET DISORDERS RENAL COMPROMISE HEPATIC DISORDERS IMMUNOLOGIC DISORDERS GENETIC DISORDERS The Causal Factors induce: Thrombocytopenia Microangiopathic Hemolytic Anemia Periportal necrosis and distension of the liver´s...
  • Believe it or not…… CDI metrics tell the whole story SC ADCIS ...

    Believe it or not…… CDI metrics tell the whole story SC ADCIS ...

    Actual value of the query. Possible/Potential financial impact- Thoughts??? Scenario 1: CDI posts a query for MCC. Physician rounds and documents another diagnosis that = MCC. The CDI query is no longer . capturable. in the data for financial impact....
  • It is a truth universally acknowledged that a

    It is a truth universally acknowledged that a

    At last, Lady Russell drew back her head. Now, how would she speak of him? "You will wonder," said she, "what has been fixing my eye so long; but I was looking after some window-curtains, which Lady Alicia and Mrs....
  • Washington State University Office for Equal Opportunity

    Washington State University Office for Equal Opportunity

    The WSU Title IX Coordinator and the ADA Coordinator are housed in CRCI. Title IX is a federal law prohibiting sex discrimination in program receiving federal financial assistance, which includes this university. ADA stands for Americans with Disabilities Act, which...
  • Folie 1 - LSM

    Folie 1 - LSM

    Courses at the LSM Thesis Advisory Committee Graduate School Life Science Munich From Molecules to Systems Registration at the LMU Registration at the LMU LSM lecture Soft Skills Workshops Method Workshops Retreats Thesis Advisory Committee Courses at the LSM Thesis...
  • New Economic Thinking, Teaching and Policy Perspectives: A

    New Economic Thinking, Teaching and Policy Perspectives: A

    O objetivo do presente trabalho é de possibilitar a avaliação do comportamento em fadiga do conjunto umbilical e sistema de fixação do "bend-stiffener" e centralizador, simulando os esforços cíclicos de flexão e tração axial durante sua operação em águas profundas.
  • MINDING MEMBER MATTERS Kimberly Jeffries Leonard, National Vice

    MINDING MEMBER MATTERS Kimberly Jeffries Leonard, National Vice

    M is our a priority in our KEYS TO SUCCESS!. Our Keys to Success #1 Member Relationships . The heart of . Linkdom. is its members. The organization's primary focus is recruiting and retaining members of varied ages, backgrounds and...