In a recent ‘Ask Me Anything’ live stream, Tanya Janca of We Hack Purple discusses ‘DevSecOps versus Secure SDLC’. This video is approximately 2.5 minutes.
- DevSecOps is you as an AppSec professional, doing your job, in a DevOps environment.
- A secure SDLC is when you add security activities to your system development lifecycle, preferably in every phase of the SDLC and formalized (devs cannot avoid it).
- Examples of secure SDLC:
  - Threat modelling during design
  - Adding security requirements & review during requirements gathering
  - Reviewing your design for security flaws and to ensure secure design concepts are applied
- Then Tanya gets off topic and talks about We Hack Purple.