AMA: DevSecOps versus Secure SDLC

Ask Me Anything Live Streams at!

In a recent ‘Ask Me Anything’ live stream, Tanya Janca of We Hack Purple discusses ‘DevSecOps versus Secure SDLC’. This video is approximately 2.5 minutes.

  • DevSecOps is you as an AppSec professional, doing your job, in a DevOps environment.
  • A secure SDLC is when you add security activities to your system development lifecycle, preferably in every phase of the SDLC, and formalized (devs cannot avoid it).
  • Examples of secure SDLC:
      - Threat modelling during design
      - Adding security requirements & review during requirements gathering
      - Reviewing your design for security flaws and to ensure secure design concepts are applied

For this and more, check out my book, Alice and Bob Learn Application Security and my online training academy, We Hack Purple!

I have a mailing list, please subscribe, it’s free!




Tanya Janca’s Application Security Adventures #WeHackPurple
