Enable javascript in your browser for better experience. Need to know to enable it? Go here.
As informações desta página não estão completamente disponíveis no seu idioma de escolha. Esperamos disponibiliza-las integralmente em outros idiomas em breve. Para ter acesso às informações no idioma de sua preferência, faça o download do PDF aquí.
Atualizado em : May 05, 2015
NÃO ENTROU NA EDIÇÃO ATUAL
Este blip não está na edição atual do Radar. Se esteve em uma das últimas edições, é provável que ainda seja relevante. Se o blip for mais antigo, pode não ser mais relevante e nossa avaliação pode ser diferente hoje. Infelizmente, não conseguimos revisar continuamente todos os blips de edições anteriores do Radar. Saiba mais
May 2015
Evite ?

Traditional approaches to security have relied on up-front specification followed by validation at the end. This “Security Sandwich” approach is hard to integrate into Agile teams, since much of the design happens throughout the process, and it does not leverage the automation opportunities provided by continuous delivery. Organizations should look at how they can inject security practices throughout the agile development cycle. This includes: evaluating the right level of Threat Modeling to do up-front; when to classify security concerns as their own stories, acceptance criteria, or cross-cutting non-functional requirements; including automatic static and dynamic security testing into your build pipeline; and how to include deeper testing, such as penetration testing, into releases in a continuous delivery model. In much the same way that DevOps has recast how historically adversarial groups can work together, the same is happening for security and development professionals. (But despite our dislike of the Security Sandwich model, it is much better than not considering security at all, which is sadly still a common circumstance.)

Jan 2015
Evite ?

Traditional approaches to security have relied on up-front specification followed by validation at the end. This “Security Sandwich” approach is hard to integrate into Agile teams, since much of the design happens throughout the process, and it does not leverage the automation opportunities provided by continuous delivery. Organizations should look at how they can inject security practices throughout the agile development cycle. This includes: evaluating the right level of Threat Modeling to do up-front; when to classify security concerns as their own stories, acceptance criteria, or cross-cutting non-functional requirements; including automatic static and dynamic security testing into your build pipeline; and how to include deeper testing, such as penetration testing, into releases in a continuous delivery model. In much the same way that DevOps has recast how historically adversarial groups can work together, the same is happening for security and development professionals. 

Publicado : Jan 28, 2015

Baixe o PDF

 

 

 

English | Español | Português | 中文

Inscreva-se para receber o boletim informativo Technology Radar

 

 

Seja assinante

 

 

Visite nosso arquivo para acessar os volumes anteriores