AMA: DevSecOps versus Secure SDLC

Written by

Posted on

In a recent ‘Ask Me Anything’ live stream, Tanya Janca of We Hack Purple discusses ‘DevSecOps versus Secure SDLC’. This video is approximately 2.5 minutes.

  • DevSecOps is you as an AppSec professional, doing your job, in a DevOps environment.
  • A secure SDLC is when you add security activities to your system development lifecycle. Preferably in every phase of the SDLC, and formalized (devs cannot avoid it).
  • Examples of secure SDLC
  • Threat modelling during design
  • Adding security requirements & review during requirements gathering
  • Reviewing your design for security flaws and to ensure secure deign concepts are applied
  • Then Tanya gets off topic and talks about We Hack Purple.
For this and more, check out my book, Alice and Bob Learn Application Security and my online training academy, We Hack Purple!
Posted in AMA

About the Author:

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning community that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker, active blogger & podcaster and has delivered hundreds of talks on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.   Advisor: Nord VPN, Cloud Defense, Aiya Corp Faculty: IANs Research Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC

%d bloggers like this: