Secure Applications
Development, Deployment and Automation
AGAIN
Securing
Applications
Application Code
Integrity Measurement
Measures any changes
(basically data collection)
Windows
need a way to test
for changes
integrity measured with
attestation challenges (think a test)
could
be hash (to see if hash value changed)
attestation leads to
trustworthiness and confidence
(basically a form of validation)
Linux
other integrity measurement
mechanisms or functionalities have been
created
example group
TCG
(Trusted Computing Group)
TCG designed and created
mechanism/functionality that
performs first integrity action
before TPM runs
there is an initial action
Core Root of Trust
for Measurement
(CRTM)
Managing Code
Integrity measurement is
all about validating and confirming
no changes have been made
Another way to
control and prevent changes
Change management and version control
Change Management
includes version control
means version control is
part of change management
version control
aka
source control
advanced automation
can be used
Securing Code
leads to
Software Assurance
Assuring software/code
is reliable, vulnerability-free,
and safe from attacks
During actual
Code development
(design and implementation phases)
consider these
during design and
implementation phases
good
software practice
software practices
can be taught/learnt
prevent software
from being reverse
engineered
Encryption, Obfuscation,
Camouflage
Code Reuse +
Dead Code
using pre-existing code/software
to build new software
causes vulnerabilities
Client-side and
server-side validation
Validate any and all
input
Securing
Dev Environments
Organizations that create software
separate development
Separation in form of
phases or environments
phases aka
development deployment life cycle
Deployment life cycle
consists of different application environments
Application Environments
Development, Testing, Staging,
and Production
environments separated
physically or virtually (VLAN)
separated from each other
and outside using firewall
application environments
and different phases of deployment
lifecycle are all about testing
in different environments
testing in different environments
and different systems
when application/test happens
need to know how system/environment
is affected
applications
provide a service
service needs
to be available
aka
availability
availability
means application is
reliable
availability and reliability
come from
Resilience
part of resilience
prevent or mitigate
risks
mitigate risk with
good security practices
and
Automation
Automation
Different levels
and types of
Automation
Automated Collection Action Systems
Types/levels
may depend on
size of organization
Scripting
Potential negative
of Automation
Automation can be complex to set up
Automation and Scripting
are also part of DevOps
DevOps
(Development and
Operations)
Part of Automation for
a system, especially for
cloud services and infrastructure, could be
scalability and elasticity
Scalability
and
Elasticity
Resilient against
any issues/disruptions