Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
DevSecOps March 2018 - Extract
1. Dev Workstation Build Server
Centralize Report (Vulnerability Management) Server
SCM
Static Code Analysis
(SAST)
Dynamic Testing
(DAST)
Interactive Testing
(IAST)
Open Source Component Security
Manual Penetration Testing – Out of Band
Scope: Application and Network layer – White/Black box
Defect
Management
AUTOMATION
INTEGRATION POINTS
SECURITYASSURANCEMODEL
Legend
Black Box: Development Stack
Blue Box: Automation - Integration
Red Box: Security Tools and Controls
Infrastructure Scanning