Speed rules in software development today. In the DevOps model, the name of the game is getting newer, better, faster software into the hands of customers as quickly as possible. But where does that leave security? Done wrong, it's overlooked or worked around. Done right, it's embedded into the software development process from day one, unobtrusively checking for and removing vulnerabilities before they emerge. The days of a security “gate” at the end of the development process, delaying releases and causing rework, are over; security either shifts left, and in a smart way, or it’s sidelined.
This short series of videos, featuring CA Veracode co-founder and CTO Chris Wysopal and CA Veracode director of product management Tim Jarrett, gives you five steps to start moving security earlier in your development process. With practical advice and tips on working with developers, embedding security into development processes and creating secure code from the start, Chris and Tim walk you through:
Step 1: Automate security from day 1. Take human intervention out of the process as much as possible.
Step 2: Integrate as you code. Enable developers to test for security on their own, early and often.
Step 3: Avoid false alarms. Security testing tools that aren’t low noise won’t work in a DevOps model.
Step 4: Create security champions. Security can’t be everywhere, so create advocates who work on its behalf.
Step 5: Develop a culture of visibility. The developer’s responsibilities can’t stop when the product is in production.
Make sure you know how to implement these five steps; let Chris Wysopal and Tim Jarrett show you how.
This is a Security Bloggers Network syndicated blog post authored by email@example.com (sciccone). Read the original post at: RSS | Veracode Blog