Business Challenge: "No security-visibility in the DevOps-CI/CD Pipeline"
Purpose-Built Cyber Awareness
Threat Modelling and Integration of Security and Testing (Mandatory)
Create Misuse Cases in the Backlog
A DevOps team comprises expert engineers who can configure automation in software development and deployment, most often with little or no insight into cybersecurity. Hence the goal is to elucidate the need for a Security Engineer to be an integral part of the team, whose role is to ensure security is embedded right from the design phase.
Develop a DevSecOps framework, integrate security user stories, and automate testing in the CI/CD pipeline, with an in-depth and collective orientation for the team members.
Model Threats Specific to the Application being developed
Identify systems and assets and their corresponding threats in the existing environment; apply legitimate controls based on the risk appetite and tolerance levels of the governing body.
Outline Security requirements in the User Stories
Create misuse cases; write security test cases and include them in the backlog.
Ensure security is built into the entire CI/CD pipeline using automation tools, and audit the process from time to time for configuration assurance.
How it addressed the Business Challenge:
If a security test case fails, continuous deployment fails, ensuring that security is embedded during the development and deployment phases.