Application security testing has been around for a long time, yet successful attacks continue despite significant investments in application security. And we shouldn’t be surprised when we’re applying testing tools developed more than 12 years ago to software development methods only made commonplace in the last 3–5 years. In addition, application security is least understood and often takes a back seat to perimeter and endpoint security. At the same time, there’s a misconception that the cloud provider takes care of all the security, and few people have considered new attack surfaces introduced by containers and orchestration. Tesla showed us the fallacy here.
Traditional application security testing has been targeted to security professionals and is regarded as a separate process from development. This separation and delay creates friction in the process, with many trade-offs required. In an effort to improve application security testing, the new chant has been “shift left” to remove more vulnerabilities earlier and empower the developers.
Lucas Charles (GitLab) examines the shortcomings of most shift-left efforts and how cloud native environments, Agile DevOps processes, and minimum viable products with rapid iteration wreaks havoc on traditional security methodologies. He dives into how to bring security into DevOps while avoiding a complex DevOps toolchain that must be integrated with security testing and explores new ways of thinking of app security to turn the industry on its head by using concurrent DevOps—a method that makes it possible for product, development, QA, security, and operations teams to work at the same time. You’ll learn the three key requirements of your application security process needed to get you onto the road of an efficient and secure software development lifecycle (SDLC).
- Title: Integrating security into modern software development: A workflow study
- Release date: December 2019
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 0636920361718
You might also like
51+ hours of video instruction. Overview The professional programmer’s Deitel® video guide to Python development with …
The Art of Hacking (Video Collection)
26 Hours of Video Instruction Description Your complete guide to help you get up and running …
Secure by Design
Secure by Design teaches you principles and best practices for writing highly secure software. At the …
Microservices Security in Action
Microservices Security in Action is filled with solutions, teaching best practices for throttling and monitoring, access …