1/12

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

Are Security Team representatives involved in the development of new applications and services?

Does your security, governance and compliance function embrace Agile and DevOps Principles?

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

A least-privilege model is enforced for processes running on shared infrastructure.

Security-approved OS, software versions and frameworks are used to compose the required infrastructure. Security-related controls such as ACLs and FIM are defined as a part of infrastructure where applicable.

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

IaaS or PaaS service provider security controls are validated to ensure that they meet business requirements in their domains of the shared security model.

Does your Development Teams follow a consistent set of secure Coding Best Practices including OWASP coding rules?

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

Are Coding Standards enforced in CI/CD Pipeline using automated tools and scanning?

Are Code Reviews done as a part of the Software Development Lifecycle? Before code is pushed to master or Ready for Release, Is it reviewed?

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

Do you use automated code scanning tools in Pipeline based on Compliance Requirements such as PCI DSS?

Do you provide feedback lessons learnt from previous security incidents to teams ( eg. exploited bugs and flaws ).

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

At what stage in your development process your organisation embedded security controls and testing?

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

Does your organization check third-party software components and vulnerabilities contained in them?

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

Have you incorporated threat-modelling processes in your DevSecOps in order to get your developers thinking about their software from the perspective of the attacker?

Are you allocating the time and investment needed to train your development team on secure coding?

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

Common security components such as identity, authorization, key management, audit/log, cryptography, protocols, etc. are maintained, published, readily available and used within module development.

Binary artifacts are digitally signed and stored in secure repositories.

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

A software version management system is used to manage versions of all changes to source code, executable images and tools used to create and test the software.

Does your Release Regression Tests include Security Tests?

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

Test results that indicate possible security concerns are tagged for security analysis.

An accurate inventory of all software packages and version information is documented via Infrastructure as Code. Automated detection is used to identify whether any of the packages have known CVEs associated and define specific remediation actions.

left section image

DevSecOps Capabilities Assessment

DevSecOps Capabilities Assessment

If containers are used for deployment, images are scanned for security issues automatically in Pipeline and fixed based on CVEʼs score.

left section image

Submit Your Details to See Results

What is your First Name ?

What is your Last Name ?

What is your Email id ?

In which company you work in ?