In a recent 'Ask Me Anything' live stream, Tanya Janca of SheHacksPurple.dev discusses 'DevSecOps versus Secure SDLC'. This video is approximately 2.5 minutes.
- DevSecOps is you as an AppSec professional, doing your job, in a DevOps environment.
- A secure SDLC is when you add security activities to your system development lifecycle, preferably in every phase of the SDLC, and formalized (devs cannot avoid it).
- Examples of secure SDLC:
  - Threat modelling during design
  - Adding security requirements & review during requirements gathering
  - Reviewing your design for security flaws and to ensure secure design concepts are applied
Then Tanya gets off topic and talks about SheHacksPurple.dev.