In the past, security-related degree programs were scarce or non-existent, and developers had difficulty understanding how their work could affect a system’s security. Yvonne Dickinson’s passion for application security stemmed from a flaw in her own code that allowed her to manipulate outcomes; that discovery paved a new career path she grew to love. Her article at Dark Reading describes a new approach and ways to strengthen shift left security in the SDLC. Dickinson states that the formula for building a successful security program lies in knowing your audience: as a developer, she holds ‘Functionalize business requirements’ and ‘Meet Deadlines’ as core success criteria.
Iron-Cladding Security with Shift Left
Have you ever heard of the term “shift left”? It is a recent addition to the tech vocabulary. In information technology (IT), shift left refers to pushing operational testing and cybersecurity technologies earlier in the development cycle than before, in other words to the left of a diagram showing the development lifecycle. To succeed in application security you must be bilingual: you must know developer terminology as well as security terminology.
With cloud computing focusing on applications that can run anywhere, on any cloud or platform, shift left concepts will become increasingly important. Furthermore, applications built with shift left can automatically include their code’s infrastructure demands, such as security and networking features. Shift left also lets static application security testing (SAST) solutions promise real-time remediation by analyzing code as developers write it.
Benefits of Shift Left and SAST
Do not let the pull request merge to master if your SAST product finds any critical security flaws or vulnerabilities. Intervening at that point is far cheaper than an emergency remediation effort after the fact. You must also consider shift left security for third-party dependencies. Software composition analysis (SCA) uses a bill of materials (BOM) listing the components of your application and the versions you use, and the most robust binary SAST scanners include SCA capabilities as well. When a dependency is reported vulnerable, this makes it easier to quickly find the affected dependency and version, determine the impact, and plan how to proceed.
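The merge gate described above, as an added example that is not part of the original article: it blocks a pull request when SAST reports a critical or high finding, or when the BOM lists a component version that appears on an advisory list. The SAST output (a simplified SARIF-like shape), the BOM, the advisory list and the component names are all constructed for the example, not real scanner data.

```python
import json

# Constructed sample SAST output in a simplified SARIF-like shape (not real tool output).
SAST_RESULTS = json.loads("""{"runs": [{"results": [
 {"ruleId": "SQLI-001", "properties": {"severity": "critical"},
  "message": {"text": "Untrusted input reaches a SQL query"},
  "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                      "region": {"startLine": 42}}}]},
 {"ruleId": "LOG-003", "properties": {"severity": "low"},
  "message": {"text": "Sensitive value may be written to a log"},
  "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/log.py"},
                                      "region": {"startLine": 7}}}]}
]}]}""")

# Constructed bill of materials (CycloneDX-like): the components and versions the app ships.
BOM = {"components": [{"name": "example-json-lib", "version": "1.2.3"},
                      {"name": "example-http-client", "version": "4.0.1"}]}

# Constructed advisory list keyed by (component, affected version); placeholder text.
ADVISORIES = {("example-json-lib", "1.2.3"): "placeholder advisory, fixed in 1.2.4"}

BLOCKING_SEVERITIES = {"critical", "high"}   # policy: these findings block the merge


def sast_blockers(results, blocking=BLOCKING_SEVERITIES):
    """Return 'rule path:line (severity)' for each finding at a blocking severity."""
    out = []
    for run in results.get("runs", []):
        for r in run.get("results", []):
            sev = r.get("properties", {}).get("severity", "").lower()
            if sev not in blocking:
                continue
            loc = (r.get("locations") or [{}])[0].get("physicalLocation", {})
            path = loc.get("artifactLocation", {}).get("uri", "?")
            line = loc.get("region", {}).get("startLine", "?")
            out.append(f"{r['ruleId']} {path}:{line} ({sev})")
    return out


def sca_blockers(bom, advisories):
    """Match every BOM component/version pair against the advisory list."""
    return [(c["name"], c["version"], advisories[(c["name"], c["version"])])
            for c in bom.get("components", [])
            if (c["name"], c["version"]) in advisories]


def merge_decision(results, bom, advisories):
    """Gate a pull request: allow only when neither SAST nor SCA reports a blocker."""
    sast, sca = sast_blockers(results), sca_blockers(bom, advisories)
    return {"allow": not sast and not sca, "sast": sast, "sca": sca}


if __name__ == "__main__":
    decision = merge_decision(SAST_RESULTS, BOM, ADVISORIES)
    print(json.dumps(decision, indent=2))
    raise SystemExit(0 if decision["allow"] else 1)  # non-zero exit fails the CI step
```

Run as a CI step, the non-zero exit status is what stops the pull request from merging; the low-severity finding is reported by the scanner but does not block under this policy.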
Here are some proactive steps you can take to increase security in the SDLC:
- Provide developers with expectations on security success by creating standards for application security.
- Give developers incentives for secure coding and reward those who go the extra mile.
- Establish good working relationships with your project managers. Brief them about security requirements so they can reach out to you for new projects.
To read the original article, click on https://www.darkreading.com/application-security/how-to-boost-shift-left-security-in-the-sdlc