DevOps Classroomnotes 07/Apr/2022

DevSecOps Progress and Maturity Models

Positioning DevSecOps in your LifeCycle

Threat Modeling

  • Threat modeling is a process by which potential threats, such as structural vulnerabilities, can be identified, enumerated and prioritized, all from a hypothetical attacker's point of view
  • One of the popular threat modeling methodologies is STRIDE
  • Many tools are available for threat modeling

Secure Code Standards

Static Code Analysis Testing

  • Static Application Security Testing (SAST)
    • Examines the source code to identify weaknesses that can lead to security vulnerabilities
  • Features of SAST
    • Read the Source code
    • Language Specific scanner
    • Fast and automated
    • Finds weaknesses early
  • Refer Here for the list of source code security analyzers
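
The SAST features listed above (reads the source code, language-specific, automated), shown as an added example that is not part of the original notes and not any real analyzer's code. It parses Python source into a syntax tree without running it and flags two weaknesses; the rule names, the rule set and the sample module are assumptions constructed for illustration.

```python
import ast

# Constructed sample input: a small module with two weaknesses and one safe call.
SAMPLE_SOURCE = '''
import subprocess

def run(user_arg):
    subprocess.run("ls " + user_arg, shell=True)   # weakness: shell=True
    subprocess.run(["ls", user_arg])               # safe: argument list, no shell
    return eval(user_arg)                          # weakness: eval on input
'''

DANGEROUS_BUILTINS = {"eval", "exec"}  # illustrative rule set, not exhaustive


def call_name(node):
    """Return a dotted name for the called function, e.g. 'subprocess.run'."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return ""


def scan(source, filename="<sample>"):
    """Parse source without executing it; unparsable input is reported, not skipped."""
    findings = []
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "parse-error", str(exc.msg))]
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node)
        if name in DANGEROUS_BUILTINS:
            findings.append((node.lineno, "dangerous-builtin", f"call to {name}()"))
        for kw in node.keywords:
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append((node.lineno, "shell-true", f"{name}(..., shell=True)"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule, message in scan(SAMPLE_SOURCE):
        print(f"<sample>:{line}: [{rule}] {message}")
```

In a pipeline, a scan like this runs on every commit and fails the build when the findings list is not empty, which is how SAST finds weaknesses early.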

Vulnerability Scanning

  • Software Composition Analysis (SCA)
    • Checks Open source components against known vulnerabilities
  • Dynamic Application Security Testing (DAST)
    • Vulnerability Scanners run on completed (compiled) code


By continuous learner

devops & cloud enthusiastic learner
