
[Diagram: only its text labels survive extraction. They are listed below, grouped by kind.]

Teams and roles: App; Infra; Security; Info Sec; IT Ops; Developer

Relationships: Facilitates; Collaborates; Reviews and Contributes to Infra Code

Artifacts and systems: Security Hardening of Artifacts; Vulnerability of Patching Artifacts; Container Images, VM Artifacts; Defect Tracking System

Environments: Dev Environment; QA Environment; Staging Environment; Prod Environment

Promotion gates: Promote to QA with security as acceptance criterion; Promote to Staging with security as acceptance criterion

Development and build activities: Threat Modelling; Peer Code Review; Code Commits; Change to Infra / Code; Pulls & Builds; Compile build Checks; Software Component Analysis; Incremental SAST; Security Unit/Function Test; Alert on high-risk code change

Testing and scanning activities: Smoke Test/Monkeys; DAST Scans; Code Scan for Security Issues; Deep SAST Scans; Current on known patches and vulnerabilities ?; Automated Security Attacks; Fuzzing; Pen Testing (Out of Band)

Production activities: Baseline security assessment; Monitor Drift from Baseline Security; Monitoring/Continuous vulnerability scans; Red Teaming; Bug Bounties