Part 1: Application Security the Big Picture

 

Computer security is a vast field with many different technologies that must be learned independently, then combined correctly in an application. Application developers and architects typically learn security technologies on the job, when they first encounter them while under pressure to deliver product features and bug fixes. Reading blog posts, cutting and pasting configuration settings, and searching stackoverflow.com (or, more recently, using AI tools) for help under that pressure leaves developers feeling that they don’t understand security and don’t have the time or resources to learn it properly.

The goal of Part 1 is a step-by-step plan that breaks security technologies into easily digestible chunks that a developer or architect can learn quickly and independently on the job. The plan starts by building a mental model of cloud native application security. The model allows you to definitively answer the following questions.