Figure 1: AppSec Event-Driven Service - DevSecOps
In a previous blog, we discussed how we built an event-driven AppSec Service for one of our major financial clients, along with the related challenges and the details of designing and implementing such a solution. This blog focuses on the outcome of building such a service and how it affected the overall implementation of DevSecOps within the organization. To understand the impact, we will compare, side by side, how things worked before and how they improved after the solution was in place.
The overall flow for detecting vulnerabilities and running AppSec Scans before building a dedicated service was as follows:
As seen in the previous section, things were quite chaotic before we built a dedicated AppSec service. Let us now see how the situation changed once the AppSec Service was put in place:
Implementing DevSecOps best practices can be a daunting task, but an iterative approach based on end-user and stakeholder feedback can be the best way forward. It is possible to design AppSec automation optimized for developer productivity by providing feedback as early as possible. Addteq can be your trusted partner for adopting DevSecOps in your organization by enabling you to follow the framework that we described above.