In a recent ‘Ask Me Anything’ live stream, Tanya Janca of We Hack Purple discusses ‘DevSecOps versus Secure SDLC’. The video is approximately 2.5 minutes long.
- DevSecOps is you, as an AppSec professional, doing your job in a DevOps environment.
- A secure SDLC is when you add security activities to your system development lifecycle, preferably in every phase of the SDLC, and formalized so that developers cannot skip them.
- Examples of secure SDLC activities:
  - Threat modelling during design
  - Adding security requirements and a security review during requirements gathering
  - Reviewing the design for security flaws and to ensure secure design concepts are applied
- Then Tanya gets off topic and talks about We Hack Purple.