Part 1: Application Security, the Big Picture

Computer security is a vast field made up of many different technologies, each of which must be learned on its own and then combined correctly in an application. Application developers and architects typically learn these technologies on the job, when they first run into them, while under pressure to deliver product features and bug fixes. Reading blog posts, cutting and pasting configuration settings, and searching stackoverflow.com for help under that pressure leaves developers feeling that they don’t understand security, but also that they don’t have the time and resources to learn it properly.

The goal of part 1 is a step-by-step plan that breaks security technologies into easily digestible chunks that a developer or architect can learn quickly and independently on the job. The plan starts by building a mental model of cloud native application security. That model lets you answer the following questions definitively.

  • Which security technologies do you need to know to implement security in the application you are currently working on?
  • In what order should you learn security technologies, so that you don’t get stuck because you don’t understand a dependency of the technology you are learning?
  • What level of depth should you aim for when learning a security technology?
  • How are roles and responsibilities divided between application developers, architects, cloud automation engineers, infrastructure providers, and security engineers?