DevOps Classroomnotes 18/Aug/2022

Dependency in Code

  • Any application that developers write relies on open source libraries, packages, or frameworks for
    • web applications
    • database connections and query execution (ORM frameworks)
    • logging
    • authentication and authorization
    • notifications
  • Scanning dependencies for security risks is a mandatory step in DevSecOps.
  • To scan dependencies for security issues, we need a database of known vulnerabilities => CVE (the vulnerability identifiers) and NVD (the National Vulnerability Database, which records affected versions and severity for each CVE)
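The dependency-scanning step above, as an added example that is not part of the original notes: a toy scanner that parses a pinned requirements.txt, matches each package against a constructed CVE-style advisory database (the package names, version ranges and CVE-0000-* ids are made up, not real advisories), and gates the build on severity.

```python
"""Toy dependency scanner: requirements.txt vs. a CVE/NVD-style database."""
import re

# Constructed advisory records in NVD style (id, affected range, severity).
# These are NOT real CVEs; a real scanner pulls this data from NVD/OSV feeds.
VULN_DB = [
    {"id": "CVE-0000-0001", "package": "examplelog",
     "introduced": "1.0.0", "fixed": "1.4.2", "severity": "HIGH"},
    {"id": "CVE-0000-0002", "package": "exampleorm",
     "introduced": "2.0.0", "fixed": "2.3.0", "severity": "MEDIUM"},
    {"id": "CVE-0000-0003", "package": "examplelog",
     "introduced": "0.5.0", "fixed": "1.0.0", "severity": "LOW"},
]
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def parse_version(v):
    """Turn '1.4.2' into (1, 4, 2) so version ranges compare numerically."""
    return tuple(int(p) for p in v.split("."))

def parse_requirements(text):
    """Collect name==version pins from requirements.txt; ignore comments/blanks."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==([0-9][0-9.]*)", line)
        if m:
            deps[m.group(1).lower()] = m.group(2)
    return deps

def scan(deps, db=VULN_DB):
    """Report every pin whose version lies in [introduced, fixed) of an advisory."""
    findings = []
    for name, version in deps.items():
        v = parse_version(version)
        for rec in db:
            if rec["package"] == name and \
               parse_version(rec["introduced"]) <= v < parse_version(rec["fixed"]):
                findings.append({"package": name, "version": version, "id": rec["id"],
                                 "severity": rec["severity"],
                                 "fix": f"upgrade to >= {rec['fixed']}"})
    return findings

def should_fail_build(findings, threshold="HIGH"):
    """Pipeline gate for the packaging stage: fail if any finding meets the threshold."""
    return any(SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[threshold] for f in findings)

REQUIREMENTS = """# constructed sample requirements.txt
examplelog==1.2.0
exampleorm==2.5.1
examplenotify==0.9  # not in the database
"""

if __name__ == "__main__":
    results = scan(parse_requirements(REQUIREMENTS))
    for f in results:
        print(f)
    print("FAIL BUILD" if should_fail_build(results) else "PASS")
```

In a real pipeline the advisory list would be fetched from NVD or a package-ecosystem feed rather than embedded, and the gate's return value would become the job's exit status.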

Static vs Dynamic Security Testing

  • There are two ways to test for security:
    • Static:
      • The tool scans the application with access to the source code and reports vulnerabilities.
      • This is called SAST (Static Application Security Testing).
    • Dynamic:
      • The tool scans the running application and has no access to the source code.
      • This is called DAST (Dynamic Application Security Testing).

OWASP (Open Web Application Security Project)

  • This organization publishes a "Top N" list of the issues to address early.
  • They also provide the tools needed to scan for them.
  • Refer to the OWASP Top 10:2021 list.
  • As DevSecOps engineers, we will be

    • performing SAST while packaging/building the application
    • performing DAST after the application is deployed
    • ensuring our application does not have any of the issues listed in the OWASP Top 10 (latest year)
  • Exercises:

    • Find out what the following are:
      • GDPR
      • PCI-DSS

By continuous learner