Application Security

Written on


Application Security is the discipline of applying engineering activities that result in securely operating an application. In a modern, DevOps-based SDLC these activities comprise all stages of development and operations.

DevOps that embraces security this way is popularly dubbed DevSecOps.

DevOps security activities


Various techniques cover activities at build and run time, targeting architecture, plain source code, packaging, containerization, deployment, and the application execution environment, e.g.

  1. Threat modeling
  2. SAST
  3. IaC scanning
  4. Secret detection
  5. Dependency scanning
  6. Container image scanning
  7. DAST
  8. WAF
  9. Load testing
  10. Penetration testing

The left side of the DevOps loop is traditionally seen as “pre-production” (Dev), the right side as “production” (Ops). A high grade of automation (e.g. stop-the-pipeline, automatic remediation) characterizes the entire process, typically accompanied by dashboard-based transparency, supporting the development and operations workforce.

The DevSecOps loop
comments powered by Disqus