Shifting left in a DevOps culture is important. This means integrating security testing into the development process as early as possible. This is important because security vulnerabilities can have a significant impact on a company, and it is much more expensive to fix them later in the development cycle.
Insights For Shifting Left Security
π Security testing is just as important as functional and performance testing. In some cases, it is even more important because security vulnerabilities can have a serious impact on a company’s reputation and bottom line.
π DevSecOps is a necessary evolution of DevOps. It is not enough to just have developers and operations teams working together. Security professionals need to be involved in the development process from the beginning to ensure that security is baked into the product.
πͺ¬ There are specialized tools and processes that can help automate security testing. This makes it easier to integrate security testing into the development process and helps to ensure that vulnerabilities are found and fixed early.
π§Ώ Security testing should be a gate in the CI/CD pipeline. This means that code should not be allowed to progress to production if it has security vulnerabilities.
πͺ© Developers should not be expected to be security experts. This is why it is important to have dedicated security professionals on the team.
Β π Security testing should be done throughout the development process, not just at the end. This is because vulnerabilities can be introduced at any stage of development.
Check out another “On The Road” video here.
Sponsors
π₯ Like and Subscribe π₯
The Security Champions show is sponsored by:
π Saltworks Security βΊ https://saltworks.io/
Make sure to visit them and tell them βThank Youβ for making this show possible.
Want to support the show? Buy Me A Coffee! https://bit.ly/3NadcPK
Connect with me π
TWITTER βΊ https://bit.ly/3HmWF8d
LINKEDIN COMPANY βΊ https://bit.ly/3kICS9g
LINKEDIN PROFILE βΊ https://bit.ly/30Eshp7
π Links:
- Scott Moore Consulting: https://scottmoore.consulting
- Perftour Website: https://theperformancetour.com
- SMC Journal: https://smcjournal.com
- DevOps Driving: https://devopsdriving.com
- Security Champions https://thesecuritychampions.com