Building an effective AppSec program for cloud-native
Overall, the AppSec program should include not just technical tooling support and security expertise but also a set of soft skills. At the end of the day, if the engineering teams are not convinced that a security change needs to take effect, you will have a hard time convincing them otherwise. Hence, it is vital to have the right tools in place to support your case for making a security-related change within the development pipeline and to instill security as a culture within the teams. In this section, we will take a closer look at each of the elements, but from a 30,000-foot view. All security teams, while bootstrapping an AppSec program, should focus on the following key concepts:
- Threat modeling: Understanding the potential threats to the application and infrastructure is an important step in building a strong AppSec program. Threat modeling involves identifying and evaluating the risks and vulnerabilities...