- DevSecOps is you as an AppSec professional, doing your job, in a DevOps environment.
- A secure SDLC is when you add security activities to your system development lifecycle, preferably in every phase of the SDLC, and formalized (devs cannot avoid it).
- Examples of secure SDLC:
  - Threat modelling during design
  - Adding security requirements & review during requirements gathering
  - Reviewing your design for security flaws and to ensure secure design concepts are applied
Then Tanya gets off topic and talks about We Hack Purple.