DevSecOps Progress and Maturity Models
Positioning DevSecOps in your Lifecycle
Threat Modeling
- Threat Modeling is a process by which potential threats, such as structural vulnerabilities, can be identified, enumerated and prioritized – all from a hypothetical attacker's point of view
- One of the popular threat modeling methodologies is STRIDE
- Many tools are available for doing Threat Modeling
Secure Code Standards
Static Code Analysis Testing
- Static Application Security Testing (SAST)
  - Examines the source code to identify weaknesses that can lead to security vulnerabilities
  - Features of SAST
    - Reads the source code
    - Language-specific scanner
    - Fast and automated
    - Finds weaknesses early
- Refer here for the list of source code security analyzers
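To make the SAST features above concrete, here is a minimal source-code scanner written as an added example (not part of these notes or of any tool mentioned here). It reads Python source, walks the AST (so it is language-specific) and reports two illustrative weakness patterns; the sample module and the rule names are constructed for the demo.

```python
import ast
from dataclasses import dataclass

# Constructed sample input: a small module with two weaknesses and one clean
# call, embedded inline so the scanner runs offline.
SAMPLE_SOURCE = '''
import subprocess

def run(cmd):
    subprocess.run(cmd, shell=True)   # shell=True with a caller-supplied string

def calc(expr):
    return eval(expr)                 # eval on runtime data

def safe(args):
    subprocess.run(args)              # argv list, no shell: not flagged
'''

@dataclass
class Finding:
    rule: str      # hypothetical rule id, e.g. "PY-SHELL"
    line: int      # 1-based line in the scanned source
    message: str

def _call_name(node: ast.Call) -> str:
    """Dotted callee name, e.g. 'subprocess.run' or 'eval'; '' if not simple."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return ""

SHELL_APIS = ("subprocess.run", "subprocess.call", "subprocess.Popen")

def scan_source(source: str) -> list[Finding]:
    """Parse the source and report calls matching the two demo rules."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in ("eval", "exec"):
            findings.append(Finding("PY-EVAL", node.lineno, f"{name}() on runtime data"))
        elif name == "os.system":
            findings.append(Finding("PY-SHELL", node.lineno, "os.system invokes a shell"))
        elif name in SHELL_APIS:
            # Only flag when shell=True is passed as a literal keyword argument.
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append(Finding("PY-SHELL", node.lineno, f"{name} with shell=True"))
    return sorted(findings, key=lambda f: f.line)

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"{f.rule} line {f.line}: {f.message}")
```

Real SAST tools add data-flow tracking so that only values reaching these sinks from untrusted sources are reported; this example flags the sink alone.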
Vulnerability Scanning
- Software Composition Analysis (SCA)
  - Checks open source components against known vulnerabilities
- Dynamic Application Security Testing (DAST)
  - Vulnerability scanners that run against the completed (compiled) application