July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Deliverables and development team self-assessment
The deliverables for a development include threat modeling, design, and coding. The following table summarizes examples of self-assessment metrics for a development team:
|
Deliverables |
Self-assessment checklist |
|
Threat modeling analysis report |
Does the threat modeling analysis cover STRIDE six-threat analysis? Does the diagram include all components, data flows, and trust boundaries? Are all the threat mitigations effective and incorporated into the release plan? Does the threat modeling analysis cover all the new features and the previously released risks? Sharing effective threat mitigation as a case study. |
|
Secure coding analysis report |
Do any static secure code scanning ... |