DZone

As mentioned in my previous post, “Building Software Immunity,” an application security mindset needs to be at the core of software development practices. Just as good eating habits bring nutrients into our bodies, good development practices bring internal quality and immunity into our software, helping it fight off unforeseen attacks in the future. This post explores some of the ideas and practices that can help developers and tech leads make their software, and ultimately its end users, more secure.


Shift-Left Approach

With the rise of twelve-factor, cloud-native applications, infrastructure has become part of the software application itself. Development teams (leads, software developers, product owners) build software rapidly with CI/CD (DevOps) and IaC (Infrastructure as Code) tooling. In such agile, constantly evolving environments, the security of the software is easily overlooked. As Richard Seiersen points out in A Modern Shift-Left Security Approach, adding security only in the later phases of software development has typically been costly and time-intensive: defects found after design and implementation are the most expensive to fix. The improved approach is to treat security as a feature from the very beginning, when requirements are formed. Concretely, security requirements are attached to user stories so that they are visible and estimated alongside functional work, and each requirement is written as a testable acceptance criterion that the same CI/CD pipeline can verify rather than as a vague aspiration (for more direction, refer to C1: Define Security Requirements | OWASP).
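The following is an added example, not code from the original post or from OWASP, of what “security requirements augmented with user stories” can look like when the criteria are made executable. The user story, the requirement identifiers (SEC-1 to SEC-4), the thresholds (12-character minimum, lockout after 5 failures) and the small breached-password list are all assumptions constructed for illustration; a real team would take the requirements from OWASP ASVS and the breach corpus from a service such as Have I Been Pwned. The point is that each criterion is a function the pipeline can run on every commit, so the requirement cannot silently drop out of the story.

```python
"""Security requirements as executable acceptance criteria (constructed example).

The user story, SEC-* identifiers, thresholds and breached-password list below
are assumptions for illustration, not taken from a real backlog or from ASVS.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

# A user story carrying its security requirements as acceptance criteria.
USER_STORY = {
    "story": "As a customer I can log in with my email and password.",
    "security_acceptance_criteria": {
        "SEC-1": "Passwords shorter than 12 characters are rejected.",
        "SEC-2": "Passwords found in a breached-password list are rejected.",
        "SEC-3": "After 5 consecutive failures the account is locked.",
        "SEC-4": "Passwords are stored only as salted, iterated hashes.",
    },
}

MIN_PASSWORD_LENGTH = 12          # assumed threshold
MAX_FAILED_ATTEMPTS = 5           # assumed threshold
# Constructed stand-in for a breached-password corpus lookup.
BREACHED_PASSWORDS = {"password1234", "correcthorsebattery", "qwertyuiop12"}


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    locked: bool = False


class LoginService:
    """Minimal login service implementing the four criteria above."""

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        # PBKDF2-HMAC-SHA256 with a per-account random salt (SEC-4).
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, email: str, password: str) -> None:
        if len(password) < MIN_PASSWORD_LENGTH:
            raise ValueError("SEC-1: password too short")
        if password.lower() in BREACHED_PASSWORDS:
            raise ValueError("SEC-2: password appears in breach corpus")
        salt = os.urandom(16)
        self.accounts[email] = Account(salt=salt, digest=self._hash(password, salt))

    def login(self, email: str, password: str) -> bool:
        account = self.accounts.get(email)
        if account is None or account.locked:
            return False
        if hmac.compare_digest(self._hash(password, account.salt), account.digest):
            account.failed_attempts = 0
            return True
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked = True  # SEC-3
        return False


def check_acceptance_criteria() -> dict[str, bool]:
    """Exercise each security criterion; returns {criterion_id: passed}."""
    results: dict[str, bool] = {}
    svc = LoginService()

    # SEC-1: a short password must be refused at registration.
    try:
        svc.register("a@example.com", "short1!")
        results["SEC-1"] = False
    except ValueError:
        results["SEC-1"] = True

    # SEC-2: a long-enough but breached password must be refused.
    try:
        svc.register("b@example.com", "correcthorsebattery")
        results["SEC-2"] = False
    except ValueError:
        results["SEC-2"] = True

    # SEC-3: after MAX_FAILED_ATTEMPTS wrong passwords, even the right one fails.
    good = "Tr0ub4dor&3-long-enough"
    svc.register("c@example.com", good)
    for _ in range(MAX_FAILED_ATTEMPTS):
        svc.login("c@example.com", "wrong-password-xyz")
    results["SEC-3"] = svc.login("c@example.com", good) is False

    # SEC-4: same password for two accounts must yield different digests (salted),
    # and the stored digest must not be the password itself.
    svc.register("d@example.com", good)
    c, d = svc.accounts["c@example.com"], svc.accounts["d@example.com"]
    results["SEC-4"] = c.digest != d.digest and c.digest != good.encode()

    return results


if __name__ == "__main__":
    criteria = USER_STORY["security_acceptance_criteria"]
    for cid, passed in check_acceptance_criteria().items():
        print(f"{cid}: {'PASS' if passed else 'FAIL'} - {criteria[cid]}")
```

Run as a step in the pipeline, `check_acceptance_criteria()` fails the build the moment a refactor drops the lockout or the length check, which is the shift-left effect the paragraph describes: the requirement is enforced at the same point as the functional tests, not discovered in a late penetration test.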
