Published: 28 November 2017
Summary
Technical professionals responsible for development, security and/or operations of applications must adapt practices to support modern secure DevOps trends. This assessment covers strategies and tooling that can be used to integrate application security throughout a software development life cycle.
Included in Full Research
- Review Patterns of Application Security Focus
- Map Application Security to the Gartner DevSecOps Model
- Build Security Into the Design Phase
- Translate Security Requirements
- Adapt Threat Modeling Practices
- Distribute and Promote Secure Coding Practices
- Automate Governance of Open-Source Software
- Choose Relevant Tooling for Development Verification
- Leverage Software Composition Analysis as Part of Verification
- Integrate Application Security Testing in Secure DevOps
- Integrate Fuzzing in Secure DevOps
- Handle Output of Verification Tooling
- Use Externalized Security Options
- Apply Application Protection Before Delivery
- Deploy Network-Based Application Protection
- Address Container and Infrastructure Security
- Continuously Monitor Applications With Production Security Monitoring
- Ensure You Haven't Missed Something
- Strengths
- Weaknesses
- Gartner Welcomes Your Feedback
- Establish a Basic Secure DevOps Pipeline When Just Starting
- Standardize Your SDLC Processes and Tooling First
- Select Security Tooling That Integrates With SDLC Systems
- Resign Yourself to Semiautomation With Secure Design Activities
- Avoid Excessive Focus on Secure Design
- DevOps Practices and Technology
- Open-Source Software Options in a Secure DevOps Toolchain