DevOps Classroomnotes 07/Apr/2022

DevSecOps Progress and Maturity Models

Positioning DevSecOps in your LifeCycle


Threat Modeling

  • Threat modeling is a process by which potential threats, such as structural vulnerabilities, can be identified, enumerated and prioritized – all from a hypothetical attacker's point of view
  • One of the popular threat modeling methodologies is STRIDE
  • Many tools are available for threat modeling

Secure Code Standards

Static Code Analysis Testing

  • Static Application Security Testing (SAST)
    • Examines the source code to identify weaknesses that can lead to security vulnerabilities
  • Features of SAST
    • Read the Source code
    • Language Specific scanner
    • Fast and automated
    • Finds weaknesses early
  • Refer Here for the list of source code security analyzers
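
A minimal sketch of what a language-specific SAST check does, added here as an example and not part of the original notes: it parses Python source with the standard `ast` module (the code is read, never executed) and reports calls that map to known weakness classes. The rule set, the function names `scan` and `call_name`, and the sample source are constructed for illustration.

```python
import ast

# Constructed sample input: the code under review. It is parsed, never executed.
SAMPLE_SOURCE = '''
import hashlib, subprocess

def run(cmd, blob):
    subprocess.call(cmd, shell=True)
    digest = hashlib.md5(blob).hexdigest()
    return eval(blob), digest

def safe(cmd):
    subprocess.call(cmd, shell=False)
'''

# Illustrative rule set (an assumption of this example, not a complete standard).
RISKY_CALLS = {
    "eval": "eval() on dynamic input (CWE-95)",
    "hashlib.md5": "weak hash MD5 (CWE-328)",
    "pickle.loads": "deserialization of untrusted data (CWE-502)",
}

def call_name(func):
    """Return the dotted name of a call target, e.g. 'hashlib.md5'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = call_name(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""

def scan(source):
    """Return sorted (line, message) findings for one source string."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node.func)
        if name in RISKY_CALLS:
            findings.append((node.lineno, RISKY_CALLS[name]))
        for kw in node.keywords:
            is_true = isinstance(kw.value, ast.Constant) and kw.value.value is True
            if kw.arg == "shell" and is_true:
                findings.append((node.lineno, f"{name} with shell=True (CWE-78)"))
    return sorted(findings)

if __name__ == "__main__":
    for line, msg in scan(SAMPLE_SOURCE):
        print(f"line {line}: {msg}")
```

Because the scanner works on the syntax tree, it can run on every commit before anything is built or deployed, which is what lets SAST find weaknesses early.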

Vulnerability Scanning

  • Software Composition Analysis (SCA)
    • Checks Open source components against known vulnerabilities
  • Dynamic Application Security Testing (DAST)
    • Vulnerability Scanners run on completed (compiled) code
