You might be wondering how to improve your DevOps pipeline or development process.
Top 5 to consider
A good team is the ambition and the asset of the company, so we need to build security awareness within the team.
There are a bunch of security guidelines out there; we can choose the ones that fit us best, such as:
- Local regulation
- OWASP, which should be part of the business security risk guidelines
- Static Application Security Testing (SAST): Finds vulnerabilities early in the development process, allowing them to be fixed before deployment.
- Dynamic Application Security Testing (DAST): Once code is deployed, reduces your running web application's exposure to a new set of possible attacks that only appear at runtime.
- Dependency Scanning: Automatically finds security vulnerabilities in your dependencies while you are developing and testing your applications, such as when you use an external (open source) library with known vulnerabilities.
- Container Scanning: Analyzes your container images for known vulnerabilities.
- Auto Remediation: Aims to automate the vulnerability resolution flow and create a fix automatically. The fix is then tested, and if it passes all the tests already defined for the application, it is deployed to production.
- Secret Detection: Prevents secrets from accidentally leaking into your Git history. Each commit is scanned for secrets as part of SAST.
- IAST and Fuzzing: Future features GitLab will be adding to its security capabilities; see GitLab's vision pages for IAST and Fuzzing.
- and much more
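As an added example (not from the original post), here is a minimal `.gitlab-ci.yml` that wires the scanners listed above into one pipeline using GitLab's own CI templates. The template names and variables are GitLab's; the stage layout, the `build_image` job and the staging URL are assumptions made for this illustration.

```yaml
# Added example: enable GitLab's built-in scanners in a single pipeline.
# Template names and variables are GitLab's; the stages, the build job and
# the staging URL below are assumptions for illustration only.
stages:
  - build
  - test   # SAST, Secret Detection, Dependency and Container Scanning run here
  - dast   # DAST runs last, against the deployed application

include:
  - template: Security/SAST.gitlab-ci.yml                 # static analysis of the source
  - template: Security/Secret-Detection.gitlab-ci.yml     # leaked keys/tokens in commits
  - template: Security/Dependency-Scanning.gitlab-ci.yml  # known CVEs in third-party packages
  - template: Security/Container-Scanning.gitlab-ci.yml   # known CVEs in the built image
  - template: Security/DAST.gitlab-ci.yml                 # black-box scan of the running app

variables:
  # Scan the whole Git history, not only the latest commit, so a secret
  # committed earlier (and later "removed") is still reported.
  SECRET_DETECTION_HISTORIC_SCAN: "true"
  # Image for Container Scanning to analyse; produced by build_image below.
  CS_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  # Deployed environment DAST should probe (assumed placeholder URL).
  DAST_WEBSITE: https://staging.example.invalid

# Assumed build job: Container Scanning needs a pushed image to look at.
build_image:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
```

Container Scanning and DAST only produce useful results once the image exists and the application is deployed, which is why they sit in later stages than the source-level scanners.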
Make sure all environments, applications and servers have passed penetration testing before launch. We can do several activities like:
- Automated security testing
- Vulnerability Assessment and Penetration Testing (VAPT)
To make sure the system is production ready, provide security monitoring that covers things like:
- Attack identification
- Digital asset discovery