- Create an up-to-date threat model and data flow diagram. Focus on one security story in each development sprint.
- Teach your team basic threat modeling. Get them to think about it in each sprint cycle.
- Integrate a static analysis tool into the IDE, and dependency / open-source security checks into local build processes, whenever possible.
- Integrate both of these into the CI/CD pipeline, and break the build when findings exceed defined thresholds.
- Run dynamic test tools from the CI/CD pipeline on each deploy.
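The "break the build on issue thresholds" step above is the one teams most often leave vague. As an added example (not code from the original post), the POSIX shell gate below reads a scanner summary in a constructed `tool severity count` format (a real SAST or dependency-check report would be converted to this format first), sums findings per severity across tools, and exits non-zero when any severity exceeds its limit. The thresholds, the report layout and the tool names `sast` and `sca` are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: a CI gate that fails the build when scanner findings exceed
# per-severity thresholds. The report format is constructed for this example;
# real SAST/SCA output would be normalised into "<tool> <severity> <count>" lines.

# Maximum findings allowed per severity before the build is broken (assumed policy).
MAX_CRITICAL=0
MAX_HIGH=0
MAX_MEDIUM=5

# count_severity REPORT SEVERITY
# Prints the total number of findings at SEVERITY, summed across all tools.
count_severity() {
    awk -v sev="$2" '$2 == sev { total += $3 } END { print total + 0 }' "$1"
}

# gate REPORT
# Returns 0 when every severity is within its limit, 1 otherwise.
# Each violation is reported on stderr so it shows up in the CI log.
gate() {
    report="$1"
    status=0
    for pair in "CRITICAL:$MAX_CRITICAL" "HIGH:$MAX_HIGH" "MEDIUM:$MAX_MEDIUM"; do
        sev=${pair%%:*}
        limit=${pair#*:}
        found=$(count_severity "$report" "$sev")
        if [ "$found" -gt "$limit" ]; then
            echo "FAIL: $found $sev finding(s), limit is $limit" >&2
            status=1
        fi
    done
    return $status
}

# Constructed sample report: one static-analysis tool and one dependency scanner.
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
sast CRITICAL 0
sast HIGH 1
sast MEDIUM 3
sca CRITICAL 0
sca HIGH 0
sca MEDIUM 4
EOF

# A second constructed report that stays within every limit.
CLEAN_REPORT=$(mktemp)
cat > "$CLEAN_REPORT" <<'EOF'
sast CRITICAL 0
sast HIGH 0
sast MEDIUM 2
sca CRITICAL 0
sca HIGH 0
sca MEDIUM 1
EOF

# Usage from a pipeline step: the exit status of gate decides whether the
# build continues.
if gate "$SAMPLE_REPORT"; then
    echo "sample report: build may proceed"
else
    echo "sample report: build broken by threshold gate"
fi
```

In a real pipeline the `if` would be replaced by calling `gate` directly so that its non-zero exit fails the job. Summing across tools matters: here neither scanner alone exceeds the MEDIUM limit of 5, but their combined 7 findings do, which a per-tool check would miss.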