
SecDevOps and security in the SDLC

SecDevOps

The adoption of the DevOps movement has meant an advance in software development processes and their implementation. Increasingly demanding time-to-market requirements mean that quality and agility in the Software Development Life Cycle must go hand in hand, so the ideal solution is to automate every phase of developing, building and testing the code; in other words, Continuous Integration (CI).

This philosophy is increasingly important and is a sign of maturity in project development, but there is still a key principle to add to the process: security. The term thus becomes SecDevOps. In summary, applying DevOps allows you to improve the time it takes to deliver new services and functionality.

Following the DevOps life cycle, the security team would begin to apply its controls in one of the last phases, specifically the Deployment phase. That is too late: bugs will be found, and the development team must fix them in a short period in order to release the new version. This is why we so often see delays in delivery, which goes against the Agile and DevOps philosophy.

For these reasons, if we implement security from the planning phase (Security by Design) and correct defects before the development phase, we reduce the cost of correcting vulnerabilities in later phases of the product. Let us now look more closely at each phase and the security tests applicable to it:

  • Planning: As this is the earliest phase of development, we analyze the types of threat the project may face: attacks on user authentication, exposure of critical services and the versions in use, encryption, etc.
  • Programming: The project manager must ensure that the development team keeps in mind any security problems that may exist and follows the good practices and guides available for secure development. Before moving to the next phase we can perform a static code analysis.
  • Testing: As in any other development, we carry out functional, unit and integration testing, and design specific use cases for security.
  • Packaging: In the packaging phase we analyze the external libraries and images (if containers are used) for security problems, so that they do not affect our project.
  • Launch: Centralization and the use of repositories with version control (Git, GitLab, Azure DevOps...).
  • Deployment: Prior to deploying the application on the production servers, we deploy it in a private environment to test the security of the application again.
  • Operation: The application is now in operation. It is time to verify its security through a security audit or pentesting.
  • Monitoring: We never stop doing security tests: technology advances, and cybercriminals detect new flaws daily that put the integrity of many of the technologies in everyday use at risk. In this phase we monitor the application to detect possible vulnerabilities and attacks.
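
As an added illustration (not part of the original article), the Programming, Testing, Packaging and Deployment checks above can be wired into a GitLab CI pipeline as blocking jobs, so that a finding stops the build before it reaches production. The tool choices (Semgrep, Trivy, OWASP ZAP), the Python project layout, the `deploy.sh` script and `STAGING_URL` are assumptions made for this example.

```yaml
# .gitlab-ci.yml: added illustration, not taken from the original article.
# Assumed: Python project with tests/security/, a hypothetical deploy.sh,
# runners set up for Docker-in-Docker, and a placeholder STAGING_URL.
stages: [analyze, test, build, scan, staging, dast]

variables:
  IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"
  STAGING_URL: "https://staging.example.invalid"    # placeholder

static-analysis:            # Programming: static code analysis
  stage: analyze
  image: semgrep/semgrep
  script:
    - semgrep scan --config auto --error .          # non-zero exit on findings

security-tests:             # Testing: security-specific use cases
  stage: test
  image: python:3.12
  script:
    - pip install -r requirements.txt pytest
    - pytest tests/security

build-image:
  stage: build
  image: docker:27
  services: ["docker:27-dind"]
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$IMAGE" .
    - docker push "$IMAGE"

scan-artifacts:             # Packaging: external libraries and the image
  stage: scan
  image: { name: aquasec/trivy, entrypoint: [""] }
  variables: { TRIVY_USERNAME: "$CI_REGISTRY_USER", TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD" }
  script:
    - trivy fs --scanners vuln --severity HIGH,CRITICAL --exit-code 1 .
    - trivy image --severity HIGH,CRITICAL --exit-code 1 "$IMAGE"

deploy-staging:             # Deployment: private environment first
  stage: staging
  script: ["./deploy.sh staging \"$IMAGE\""]

dast-baseline:              # Deployment: test the running application again
  stage: dast
  image: ghcr.io/zaproxy/zaproxy:stable
  script:
    - mkdir -p /zap/wrk                             # working directory zap-baseline.py writes to
    - zap-baseline.py -t "$STAGING_URL"             # passive scan; non-zero exit when alerts are raised
```

Because stages run in order and any failing job stops the pipeline, the production release (not shown) would only follow a clean run of every earlier check.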

The democratization of cybersecurity is one of our fundamental pillars, whether that means including it in software development processes or at any other point related to new technologies. At Auditech we are committed to promoting a security-by-default policy, in which the entire organization takes these concepts into account. Always opt for early implementation, as in SecDevOps.
