This system is made to solve a business issue for one manufactory. It also has the intent behind it to scale up to a product that fulfills the needs of organisations which share the same issue.
MIT License
[dev-ops] Add security static analyzers to mitigate part of security concerns #8
User story
As an engineer I want to develop more pentest sustainable products
As an engineer I want to enrich my skill set with information security practices and techniques
As an entrepreneur I want my product to pass a security audit by a potential customer
Tech details
At least in Russia there is a rising trend of activities to mitigate information security risks. The professional community insists on migration to SSDLC. It means applying several practices of an information security expert to each stage of software development:
Threat modelling at the design stage -> static analyzers and security scanners at the development stage -> penetration testing before the UAT stage.
More information is in this publication of mine
The scope of this ticket covers the 2nd stage.
Pay attention to 3rd-party libraries like #6