• Create an up-to-date threat model and data flow diagram. Focus on one security story in each development sprint.
• Teach your team basic threat modeling. Get them to think about it in each sprint cycle.
• Integrate a static analysis tool into the IDE, and dependency / open-source security checks into local build processes, whenever possible.
• Integrate both of these into a CI/CD pipeline, and break the build on issue thresholds.
• Run dynamic test tools in the CI/CD pipeline on deploys.
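As an added example (not code from the original post), here is a build-gate script of the kind that implements "break the build on issue thresholds" for the static-analysis and dependency-check stages above. It reads a SARIF 2.1.0 report, which many SAST and dependency scanners can emit, counts findings per severity using each result's `level` (falling back to the rule's `defaultConfiguration.level`), skips results the team has already suppressed, and exits non-zero when a threshold is exceeded. The tool name, rule ids, thresholds and the embedded report are constructed for the example.

```python
"""Build gate: fail a CI job when a SARIF report exceeds per-severity thresholds.

Added example, not from the original post. Assumes the scanner writes SARIF 2.1.0
and that a result carrying `suppressions` is a finding the team has triaged.
"""
import json
import sys

# SARIF result levels mapped onto the severity buckets the policy is written in.
LEVEL_TO_SEVERITY = {"error": "high", "warning": "medium", "note": "low", "none": "low"}

# Hypothetical policy: block on any high finding, tolerate up to 5 medium, ignore low.
DEFAULT_THRESHOLDS = {"high": 0, "medium": 5}


def count_findings(sarif):
    """Return {severity: count} across all runs, skipping suppressed results."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for run in sarif.get("runs", []):
        # A rule may define a default level; a result's own level overrides it.
        rule_levels = {}
        for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
            default = rule.get("defaultConfiguration", {}).get("level", "warning")
            rule_levels[rule.get("id")] = default
        for result in run.get("results", []):
            if result.get("suppressions"):
                continue  # triaged / accepted finding: must not block the build
            level = result.get("level") or rule_levels.get(result.get("ruleId"), "warning")
            counts[LEVEL_TO_SEVERITY.get(level, "low")] += 1
    return counts


def violations(counts, thresholds=DEFAULT_THRESHOLDS):
    """Return [(severity, count, limit), ...] for every bucket over its limit."""
    return [(sev, counts.get(sev, 0), limit)
            for sev, limit in thresholds.items()
            if counts.get(sev, 0) > limit]


def gate(sarif, thresholds=DEFAULT_THRESHOLDS):
    """Return the process exit code: 0 when within policy, 1 when the build should break."""
    failed = violations(count_findings(sarif), thresholds)
    for sev, n, limit in failed:
        print(f"FAIL: {n} {sev}-severity finding(s), limit is {limit}", file=sys.stderr)
    return 1 if failed else 0


# Constructed sample report (not real scanner output): two SQLi hits, one of them
# suppressed in source, plus one weak-hash finding that inherits the rule's level.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-sast",
            "rules": [
                {"id": "sqli", "defaultConfiguration": {"level": "error"}},
                {"id": "weak-hash", "defaultConfiguration": {"level": "warning"}},
            ],
        }},
        "results": [
            {"ruleId": "sqli", "level": "error",
             "message": {"text": "user input concatenated into SQL query"}},
            {"ruleId": "sqli",
             "message": {"text": "user input concatenated into SQL query"},
             "suppressions": [{"kind": "inSource"}]},
            {"ruleId": "weak-hash",
             "message": {"text": "MD5 used for password hashing"}},
        ],
    }],
}

if __name__ == "__main__":
    # Usage in CI: python gate.py report.sarif  (no argument runs the sample report)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_SARIF
    sys.exit(gate(report))
```

Keeping the thresholds in one place makes the policy reviewable, and honouring SARIF suppressions means a finding the team has already triaged does not keep breaking every build; tightening the medium limit over time is how the gate ratchets quality up without a big-bang cleanup.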
