DevSecOps Security Controls, v1.0 - Sep 2020

The controls run from Development through to Operations, with sprint boundaries marked between stages, and the cycle repeats each sprint.

1. Secure code training: Engineers gain security knowledge and awareness of AppSec principles and responsibilities.

2. Secure by Design: Gather threat and abuse case models and security requirements. Adopt reusable secure-by-default design patterns. Validate that controls are mitigating the abuse case threat vectors.

3. Pre-commit configuration for secret scanning. Secure access to app code and image repository: implement least privilege RBAC and network policy by locking down the code and private container repository.

4. Secure access to CI service: Prevent unauthorised manipulation of the pipeline itself with RBAC and separation of duties.

5. Code Analysis: SAST - analyse code for vulnerabilities. IDE and build server integrated, with remediation advice.

6. Composition Analysis: Analyse third party/open source libraries. Reuse secure code only and comply with OSS licensing.

7. CI Server deploys to test cluster: Automated deployment via Infrastructure as Code. Infrastructure as code is version controlled.

8. Security Tests: DAST - perform app-specific automated security testing and dynamic container analysis.

9. Security review, human logic test: Conduct penetration testing where it makes sense (might not be needed for every sprint).

10. Image Assurance: Validate image integrity signatures, and that assurance policies are met, to proceed to prod.

11. Deploy to Production: Automated deployment by Infrastructure as Code. IaC compliance and security testing.

12. Privileged access, secrets management & network isolation: Implement tight network and access policy, with isolation of clusters/pods/VMs. Use secrets management and automated certificate handling.

13. Infrastructure & Application Protection: Apply infrastructure hardening. Protect and monitor the app and cluster using RASP/WAF and container sand-boxing.

14. Data Protection: Protect and monitor data with encryption, endpoint protection, DLP and IPS.

15. Vulnerability scanning: Ensure continuous assessment and automated CIS benchmarking of build and deployed images and environments.

16. Continuous monitoring & Incident Response: Analyse intrusion/breach alerts and threat intelligence. Log attacks, behaviours and threats, to respond, learn from, and apply to the next sprint.

17. Rinse & Repeat: Improve and enforce governance.

Gates: Sign-off is required at each gate between stages.


©Copyright 2020 - Accelera Group Pty Ltd

www.accelera.com.au/DevSecOps