Refcard #267

DevSecOps

With DevSecOps, you can reach higher security standards while following DevOps principles. This Refcard will show you how to get started with DevSecOps with key themes, crucial steps to begin your journey, and a guide to choosing security tools and technologies to build your DevSecOps pipeline.

Brought to you by

Puppet
Free .PDF for easy Reference

Written by

Jeff Williams Cofounder and CTO, Contrast Security
Section 1

What Is DevSecOps?

DevSecOps is an approach to IT security based on the principles of DevOps. The exact formulation is still emerging, but we think it’s useful to capture the practices that are developing for achieving security while building applications and APIs without disrupting high-speed software pipelines.

  • DevSecOps Is Full Stack: DevSecOps spans the entire IT stack, and includes network, host, container, server, cloud, mobile, and application security. Increasingly, all of these layers are turning into software, which makes application security a critical focus for DevSecOps.
  • DevSecOps Is Full SLC: DevSecOps also spans the full software lifecycle, including development and operations. In development, the focus is on identifying and preventing vulnerabilities, while in operations, monitoring and defending applications are the goals.

Can you apply DevSecOps practices and tools to non-DevOps projects? Absolutely. The ideas in this document are applicable to almost any software project. If your goal is to produce highly secure software in the most cost-effective way possible, then DevSecOps is the path forward.

Gartner has named DevSecOps one of their fastest-growing areas of interest and predicts that DevSecOps will be embedded into 80 percent of rapid development teams by 2021. Organizations practicing DevSecOps have shown impressive results. These early adopters are 2.6x more likely to have security testing keep up with frequent application updates and show a 2x reduction in time to fix vulnerabilities. [1]

Understanding the different types of security work and their value to your organization is critical to successful DevSecOps initiatives. Until you truly understand the work, it’s going to be difficult to deliver it effectively. You can learn more about this topic and DevOps in general by reading books like The Phoenix Project and The DevOps Handbook.

This is a preview of the DevSecOps Refcard. To read the entire Refcard, please download the PDF from the link above.
