Part 1 Application security: The big picture
Computer security is a vast field with many technologies that must be learned independently and then combined correctly in an application. Application developers and architects typically learn security technologies on the job when they first encounter them, under pressure to deliver product features and bug fixes. Reading blog posts, copying and pasting configuration settings, and searching Stack Overflow (or, more recently, using AI tools) for help can leave developers feeling that they don’t understand security and don’t have the time and resources to learn it properly.
Part 1 aims to provide a step-by-step plan that breaks security technologies into easily digestible chunks that a developer or architect can learn quickly and independently on the job. The plan starts by building a mental model of cloud-native application security. The model allows you to answer the following questions with confidence:
- What security technologies do you need to know to implement security on the application you’re currently working on?
- What is the best order in which to learn security technologies so you don’t get stuck because you’re missing a prerequisite for what you’re learning?
- What level of depth should you aim for when learning a security technology?
- What is the division of roles and responsibilities between application developers, architects, cloud automation engineers, infrastructure providers, and security engineers?