Enablement:
Security in Development
Security analysis is integrated into CI processes and pipelines. Developers use secure development guidelines, practices, tools, frameworks and techniques.
• Secure Coding Guidelines and Reviews
• Static Code Analysis – IDE, CI, Application Code, Infrastructure Code
• Component Analysis – Images, Binaries, 3rd Party Libraries, etc.
• Container and Registry Scans
Security in Design
Security is considered throughout the functional and technical design phases, according to standards and identified threat models.
• Security Blueprints
• Reusable Security Services
• Security Architecture and Design Reviews
• Threat Modeling
• Security and Compliance as Code
• Logging
Security in Planning
Security features, components and services are identified and prioritized for development and delivery.
• Security Risk Profiles
• Container Security Standard
• APIs Security Standard
Security in Operations
Ensure that the right components are deployed and monitored, with the right security controls and metrics for visibility.
Security in Testing
Security tests are integrated into CD processes and pipelines and performed according to business criticality and security risk.
• Dynamic Application Security Testing (DAST / IAST)
• Security Tests and Scans – applications, APIs, infrastructure
• Penetration Tests
• Advanced Adversary Simulations (FusionX)
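The development and testing sections above both describe scan output (static analysis, component analysis, container scans, DAST) feeding a pipeline whose decisions depend on the product's business criticality and security risk. The script below is an added example of such a risk-based gate, written for this page; it is not code from the slide or from Accenture's delivery model. The normalised finding format, the criticality tiers and their thresholds, the "no fix available" exception and the sample findings are all constructed assumptions.

```python
"""Risk-based security gate for a CI/CD pipeline (added illustration).

Assumes each scan stage (static code analysis, component analysis,
container/registry scan, DAST) has already been normalised into a common
JSON finding record; the sample records at the bottom are constructed.
"""
import json
from dataclasses import dataclass, field

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Policy as code: the lowest severity that blocks a release, chosen by the
# product's business criticality. Tiers and thresholds are assumed values;
# in practice they would come from the product's security risk profile.
BLOCKING_THRESHOLD = {
    "high": "HIGH",        # customer-facing or regulated data
    "medium": "HIGH",      # internal, handles business data
    "low": "CRITICAL",     # internal tooling, no sensitive data
}


@dataclass
class Finding:
    tool: str            # "sast", "sca", "container" or "dast"
    severity: str        # LOW / MEDIUM / HIGH / CRITICAL
    location: str        # file:line, package@version, image layer or URL
    fix_available: bool  # e.g. a patched package version exists


@dataclass
class GateResult:
    passed: bool
    blocking: list = field(default_factory=list)
    advisory: list = field(default_factory=list)


def load_findings(json_text):
    """Parse the normalised finding records emitted by the scan stages."""
    return [Finding(**record) for record in json.loads(json_text)]


def evaluate_gate(findings, criticality):
    """Decide whether the pipeline may proceed to deployment.

    A finding blocks when it reaches the tier's threshold, with one
    exception: a non-critical finding with no available fix is recorded as
    advisory, because failing the build on something the team cannot yet
    patch only trains people to bypass the gate.
    """
    threshold = SEVERITY_RANK[BLOCKING_THRESHOLD[criticality]]
    result = GateResult(passed=True)
    for f in findings:
        rank = SEVERITY_RANK[f.severity.upper()]
        blocks = rank >= threshold
        if blocks and not f.fix_available and rank < SEVERITY_RANK["CRITICAL"]:
            blocks = False
        (result.blocking if blocks else result.advisory).append(f)
    result.passed = not result.blocking
    return result


def report(result):
    """One line per finding, suitable for a pipeline log or a dashboard."""
    lines = ["GATE PASSED" if result.passed else "GATE FAILED"]
    for f in result.blocking:
        lines.append(f"  BLOCK    {f.tool:9s} {f.severity:8s} {f.location}")
    for f in result.advisory:
        lines.append(f"  ADVISORY {f.tool:9s} {f.severity:8s} {f.location}")
    return "\n".join(lines)


# Constructed sample output of the four scan stages for one pipeline run.
SAMPLE_FINDINGS = json.dumps([
    {"tool": "sast", "severity": "HIGH", "location": "src/auth/session.py:42",
     "fix_available": True},
    {"tool": "sca", "severity": "CRITICAL", "location": "example-lib@1.2.0",
     "fix_available": True},
    {"tool": "sca", "severity": "HIGH", "location": "other-lib@0.9.1",
     "fix_available": False},
    {"tool": "container", "severity": "MEDIUM", "location": "layer 3 (base image)",
     "fix_available": True},
    {"tool": "dast", "severity": "LOW", "location": "https://svc.example/health",
     "fix_available": True},
])


if __name__ == "__main__":
    findings = load_findings(SAMPLE_FINDINGS)
    for tier in ("high", "low"):
        print(f"--- business criticality: {tier}")
        print(report(evaluate_gate(findings, tier)))
```

Run as a script it prints the gate decision for the same findings under two criticality tiers: the high tier blocks on the fixable HIGH and the CRITICAL, the low tier only on the CRITICAL, and the unfixable HIGH is advisory in both. Keeping the thresholds in a table rather than in the tool invocations is what makes the policy reviewable and versionable alongside the pipeline definition.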
SECURITY IS SHIFTED LEFT INTO EVERY STEP OF THE PRODUCT DEVELOPMENT LIFECYCLE (EVERYTHING AS CODE)
SECURE MICROSERVICE DELIVERY MODEL
• Security Training
• App Security KPIs
Product Cycle
PRODUCT SECURITY PROFILES
METRICS, DASHBOARDS & REPORTS
CULTURE, EDUCATION & TRAINING
SECURITY CHAMPIONS
GOVERNANCE POLICIES, STANDARDS & GUIDELINES
SECURITY PORTAL
SOURCE CODE REPOSITORY
ARTIFACT REPOSITORIES
DEVOPS TOOL CHAINS
CENTRALIZED LOGGING PLATFORM
CROSS-FUNCTIONAL COLLABORATION
• Deploy – The right versions of components
• Protect – Ensure that the right security controls are in place
• Detect – Monitor application, container and infrastructure performance; monitor log events for anomalies
• Respond – Alerts, root cause analysis, enhancements of controls
Copyright © 2019 Accenture Security. All rights reserved