Part 2. Developing the application security program


Now that you understand the basic building blocks of application security, it's time to put those concepts to work in developing an overall program that an organization can use to build more secure software. First, you'll learn about the different development models that are available and how security can be introduced into the development life cycle under each one. Models such as Waterfall, Agile, Lean, and DevOps each bring their own approach to integrating security. However, the security tools and processes used in these methodologies remain valid and useful regardless of which one is chosen, as long as a feedback loop is present that delivers information to the development team in a timely manner.

In chapter 5, you'll learn how to spread security responsibility beyond the security organization to achieve greater scale. Moving beyond the security team means educating the development teams and providing them with the information they need to integrate security into the applications they build. Additionally, maturity models can be used to measure the organization's security successes and achievements.