DEVOPS APPSEC CONFLICT - 2

Agile development methods are essentially a series of tiny iterations of the Waterfall model. In every iteration, all processes of the waterfall model are carried out. Therefore, all of the security tests have to be completed within the timeline of a sprint. If we take into account the static analysis test phase and the bug closure times, it is clear that vulnerability tests must be done in the course of software development.


This issue can be solved by a developer who knows about security weaknesses. By reviewing the code regularly, a software developer can warn his/her colleagues to watch out for the flaws in their code. But this time-consuming job needs extra resources and passion in the team. In a small team, continuing the secure SDLC process this way becomes a task that is easy to ignore.

If you scan the whole project with a static analyzer, you can see some results that are out of the sprint scope. So, if we can analyze the code while developing it, wouldn't b…
