Delivering Security In an Agile World
7 things to remember to ensure the software you’re developing is secure.
Imagine you’re running a shipping business…
To explain how to best fit security into your Agile development process without slowing down the works, let’s compare it to a shipping service.
So, instead of delivering software, imagine you’re now delivering packages—really important packages.
Get your priorities straight.
Each package represents a feature that someone wants in your software. Some are very important and must be delivered ASAP.
Others can wait for a future delivery.
Keep on keepin’ on.
A driver who delivers packages to the right addresses, on time, without losing or breaking them is like a software development team that delivers a well-defined set of features by the pre-determined release date. To keep to the schedule, change things as you go rather than backtracking.
Don’t cram the van, man.
When selecting what items to deliver each day, it’s important to remember that the van can only carry so much stuff at a time. Likewise, Agile development teams have a notion of “how big the van is.”
A sprint is no more stretchable than the sides of a delivery van.
If all your eggs don’t fit in one basket…
If someone orders a dozen eggs, but you can only fit ten in the van, take ten now and two later. Likewise, if a feature is too big for a sprint, break it up into several sprints.
You can’t deliver half an egg (without getting really messy). Likewise, there are limits to how some features can be broken down.
Handle with care.
Taking the time to fill the empty space in each box with packing peanuts is worth the extra effort. It’ll save you the cost and time it takes to replace a broken item. Likewise, building security into your SDLC will reduce the time and money it takes to implement corrections in future sprints.
The accumulation of replacement items that need to be delivered is called “technical debt.”
When life gives you golf balls…
Giving your development team a code scanning report with 25,000 results is like giving them a crate of 25,000 golf balls and asking them to ship each one individually. It’s absurdly inefficient.
Security issues should be packaged in a way that makes it easier for developers to deliver.
Put the pedal to the metal.
Here are 3 tips to help you deliver security successfully in an Agile world.
1. Security needs to meet the developers where they work.
Provide security assessment results in a format that is consumable by the development team.
2. Agile software development methods work.
If you put security on your development team’s list of goals, then they will build things that get them to security.
3. The goal is to create secure software.
There is no need to make security artifacts for the sake of making security artifacts.
Ready to get moving?