The rise of the DevSecOps movement is largely driven by the need to find a better way to secure an increasingly complex, highly distributed IT environment. The opportunity now is to foster collaboration between cybersecurity teams and application developers to define DevSecOps processes within the context of a Continuous Integration, Continuous Deployment and Continuous Testing (CI/CD/CT) pipeline.

ACL Digital’s DevSecOps framework defines a set of best practices for developers to ensure that the security controls specified by the Security Operations team are implemented within applications. Any newly discovered vulnerability is addressed as part of the ongoing updates being made to the application.

Every stage of the application development process, whether the application is container based or running in a Kubernetes cluster, is tested and validated using the steps below:

DevSecOps Framework

Vulnerability Assessment

Vulnerability assessment identifies, quantifies, and prioritizes source code and API vulnerabilities, assesses the associated business risk, and improves security posture.

Application Security Testing

The application security testing methodology combines information security guidelines with recognized testing methodology standards from sources such as OWASP and SANS.

Source Code Review

The source code review process combines manual and automated code review to capture static security issues in the code, producing critical findings and warnings.

Threat Modelling

Applicable threats are identified at each layer of the application architecture, across threat sources such as external attackers, malicious insiders, and remote software and network threats; the process includes identification of assets and of potential adversaries.

Penetration Testing

Penetration testing involves an active analysis of the software or application for potential vulnerabilities, conducted from the perspective of a potential attacker, and can include active exploitation of the security vulnerabilities found.

Integrates security into application development

Integrates a security checkpoint into each phase of software/application development

Automates core security tasks into the DevOps workflow

Reduction in the number of defects and security flaws

Identifies vulnerabilities

Identifies and fixes vulnerabilities before the production release

Application security analysis

Secured cloud-native applications through security analysis