Modern web applications are built and shipped through continuous integration and continuous deployment (CI/CD) pipelines. In practice this means the pipeline runs the tests and checks specific to whatever environment you are pushing to, whether that is DEV, STAGING or PROD, and a failing check should block the deployment rather than merely report on it.
Each control below is listed with its number and name, its priority (1 = do first) and an implementation difficulty.

3.1 CI/CD Pipeline
Priority: 1
Description: Implement a CI/CD pipeline, so that builds, tests and deployments are automated and repeatable rather than run by hand.
Difficulty: Medium

3.2 Application Environments
Priority: 2
Description: Create separate environments for dev, staging and prod, and treat each as independent, with its own data, testing and requirements.
Difficulty: Medium
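As an added example (not code from the original post), the gate below shows what "treat each environment as independent" looks like in pipeline logic: an artifact is identified by its content digest, each environment has its own test suite, and a digest may only reach prod after that exact digest has passed the dev and staging suites, so prod is never deployed from a fresh build that skipped the lower environments. The environment names, suite names and the in-memory ledger are hypothetical.

```python
"""Environment-aware deploy gate (added example, not the page's own tooling).

Assumed model: each target environment has its own test suite; an artifact is
identified by its content digest; an environment may only receive a digest
that has already passed every earlier environment's suite.
"""
import hashlib
from dataclasses import dataclass, field

ENV_ORDER = ["dev", "staging", "prod"]

# Hypothetical per-environment test suites (names only, for illustration).
SUITES = {
    "dev": ["unit", "lint"],
    "staging": ["unit", "integration", "sast"],
    "prod": ["smoke"],
}


def artifact_digest(artifact_bytes: bytes) -> str:
    """Content digest identifying the immutable artifact being promoted."""
    return hashlib.sha256(artifact_bytes).hexdigest()


@dataclass
class PromotionLedger:
    """Records which digest passed which environment's suite."""
    passed: dict = field(default_factory=dict)  # env -> set of digests

    def record_pass(self, env: str, digest: str) -> None:
        self.passed.setdefault(env, set()).add(digest)

    def has_passed(self, env: str, digest: str) -> bool:
        return digest in self.passed.get(env, set())


def run_suite(env: str, digest: str, results: dict, ledger: PromotionLedger) -> bool:
    """Evaluate the environment's suite; `results` maps test name -> bool
    (constructed here, a real job would collect them from the test runner)."""
    if env not in SUITES:
        raise ValueError(f"unknown environment {env!r}")
    ok = all(results.get(test, False) for test in SUITES[env])
    if ok:
        ledger.record_pass(env, digest)
    return ok


def can_deploy(env: str, digest: str, ledger: PromotionLedger) -> tuple[bool, str]:
    """Allow deployment only if this digest passed every suite up to and
    including the target environment's own."""
    if env not in ENV_ORDER:
        return False, f"unknown environment {env!r}"
    idx = ENV_ORDER.index(env)
    for stage in ENV_ORDER[:idx + 1]:
        if not ledger.has_passed(stage, digest):
            return False, f"{digest[:12]} has not passed the {stage} suite"
    return True, "ok"


if __name__ == "__main__":
    ledger = PromotionLedger()
    build = artifact_digest(b"app-v1.2.3")            # constructed artifact contents
    hotfix = artifact_digest(b"app-v1.2.3-hotfix")
    run_suite("dev", build, {"unit": True, "lint": True}, ledger)
    run_suite("staging", build, {"unit": True, "integration": True, "sast": True}, ledger)
    run_suite("prod", build, {"smoke": True}, ledger)
    run_suite("prod", hotfix, {"smoke": True}, ledger)   # skipped dev and staging
    print(can_deploy("prod", build, ledger))   # allowed
    print(can_deploy("prod", hotfix, ledger))  # rejected: never passed dev
```

The point of keying the ledger on the digest rather than on a version string is that a "hotfix" rebuilt directly for prod has a different digest and is rejected, even if someone reuses the version number.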
3.3 Application Data Separation
Priority: 3
Description: Make sure that dev and test environments do not use the same data as production. If live data is genuinely required, anonymize it before it leaves production, so that a compromise of a lower environment (which is usually less protected) does not expose real customer data.
Difficulty: Difficult
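The following is an added example of the anonymization step, not code from the original post. It takes production-shaped records (constructed here) and produces copies for dev and test: identifiers and e-mails are replaced with keyed pseudonyms so that joins between tables still work, card numbers are masked, balances are coarsened, and any field not on the allow-list is dropped. The field names and the pseudonymization key are hypothetical; the key would come from the credential store (control 3.5) and stay inside the anonymization job.

```python
"""Anonymizing production-shaped records for non-production environments
(added example, not the page's own code).

Assumptions: records are dicts with the constructed fields below;
PSEUDONYM_KEY is a per-environment secret known only to this job, so the
pseudonyms are consistent but cannot be reversed or recomputed without it.
"""
import hashlib
import hmac
import re

# Hypothetical key; in practice loaded from the credential store.
PSEUDONYM_KEY = b"rotate-me-per-environment"


def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash: same input -> same output, but not reversible without the key.
    A plain SHA-256 is not enough: e-mails and names are low-entropy, so an
    unkeyed hash can be inverted by guessing."""
    normalized = value.lower().strip().encode()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]


def mask_pan(pan: str) -> str:
    """Keep only the last four digits of a card number."""
    digits = re.sub(r"\D", "", pan)
    if len(digits) < 4:
        return "****"
    return "*" * (len(digits) - 4) + digits[-4:]


def anonymize_email(email: str) -> str:
    """Preserve the shape of an e-mail address without leaking the real one."""
    return f"user-{pseudonymize(email)}@example.invalid"


def anonymize_record(rec: dict) -> dict:
    """Return a copy safe for dev/test. Fields are copied by allow-list, so a
    new column added to production does not leak by default."""
    return {
        "id": pseudonymize(str(rec["id"])),
        "email": anonymize_email(rec["email"]),
        "name": "Customer " + pseudonymize(rec["name"])[:6],
        "card": mask_pan(rec["card"]),
        "country": rec["country"],                            # low-risk field kept
        "balance_cents": rec["balance_cents"] // 100 * 100,   # coarsened
    }


# Constructed sample, not real data.
PROD_SAMPLE = [
    {"id": 1001, "email": "Alice@Example.com", "name": "Alice Doe",
     "card": "4111 1111 1111 1111", "country": "DE", "balance_cents": 123456},
    {"id": 1002, "email": "bob@example.com", "name": "Bob Roe",
     "card": "5500000000000004", "country": "FR", "balance_cents": 9999},
]

if __name__ == "__main__":
    for rec in PROD_SAMPLE:
        print(anonymize_record(rec))
```

Because the pseudonym is an HMAC over the normalized value, the same customer appears under the same fake identifier in every anonymized table, which is what keeps integration tests meaningful; rotating the key invalidates the mapping for every environment at once.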
3.4 CI/CD Administration
Priority: 3
Description: Create and enforce user or team roles so that only the appropriate people can change or disable tests and deployment requirements. A pipeline definition that any developer can edit is a pipeline whose gates any developer can remove.
Difficulty: Medium
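Here is an added example (not from the original post) of the kind of check a pre-merge job can run to enforce this: protected path patterns (pipeline definitions, deployment manifests, security test configuration) are mapped to the team that owns them, and a change touching such a path is authorized only if a member of that team other than the author approved it. The path patterns, team names, team membership and approval inputs are all hypothetical; in practice the membership comes from the identity provider and the approvals from the repository platform.

```python
"""Change-control check for pipeline and test definitions
(added example, not the page's own tooling).

Assumptions (hypothetical): PROTECTED maps path patterns to the team that
must approve changes to them; TEAM_MEMBERS is a constructed directory;
`changed_files` and `approvals` are what a pre-merge job would receive.
"""
from fnmatch import fnmatch

# Paths whose modification can weaken or disable tests and deployment gates.
PROTECTED = {
    ".github/workflows/*": "pipeline-admins",
    "Jenkinsfile": "pipeline-admins",
    "deploy/**": "release-managers",
    "tests/security/**": "appsec",
    "pytest.ini": "appsec",
}

TEAM_MEMBERS = {  # constructed directory; in practice from the IdP
    "pipeline-admins": {"maya", "ravi"},
    "release-managers": {"maya"},
    "appsec": {"lee"},
}


def required_teams(changed_files: list[str]) -> dict[str, str]:
    """Map each protected changed file to the team that must approve it.
    fnmatch's '*' also matches '/', so a pattern covers nested paths."""
    needs = {}
    for path in changed_files:
        for pattern, team in PROTECTED.items():
            if fnmatch(path, pattern):
                needs[path] = team
                break
    return needs


def change_is_authorized(author: str, changed_files: list[str],
                         approvals: set[str]) -> tuple[bool, list[str]]:
    """A protected file is authorized only if someone in the owning team,
    other than the author, approved. Self-approval is rejected so an admin
    cannot unilaterally disable a gate."""
    problems = []
    for path, team in required_teams(changed_files).items():
        eligible = TEAM_MEMBERS.get(team, set()) - {author}
        if not (approvals & eligible):
            problems.append(f"{path}: needs approval from {team}")
    return (not problems), problems


if __name__ == "__main__":
    # Constructed pull request: an app change plus an edit to the CI workflow.
    files = ["src/app.py", ".github/workflows/ci.yml"]
    print(change_is_authorized("dana", files, set()))       # blocked
    print(change_is_authorized("dana", files, {"ravi"}))    # allowed
    print(change_is_authorized("maya", files, {"maya"}))    # blocked: self-approval
```

Running this as a required status check, rather than relying on reviewers to notice a workflow edit among application changes, is what makes the role enforceable instead of advisory.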
3.5 Credential Store
Priority: 1
Description: Create a secure, encrypted place to store sensitive credentials such as passwords, API keys, etc., and have the pipeline inject them at build or deploy time instead of keeping them in source code or pipeline configuration.
Difficulty: Medium

3.6 Centralized Software Composition Analysis
Priority: 1
Description: Scan source code for vulnerable libraries and open source components from within a CD stage, so that a known-vulnerable dependency fails the build instead of reaching production.
Difficulty: Easy

3.7 Centralized Static Code Analysis
Priority: 2
Description: Scan the source code itself for vulnerabilities from within a CD stage.
Difficulty: Easy

3.8 Centralized Sensitive Data Analysis
Priority: 2
Description: Scan source code for secrets, credentials, API keys and similar from within a CD stage, so that a committed secret is caught before it is deployed. Treat any secret found this way as compromised and rotate it, since it is already in the repository history.
Difficulty: Easy
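To make controls 3.6 and 3.8 concrete, here is an added example of a single pipeline stage that fails the build on either a vulnerable pinned dependency or a committed secret. It is not code from the original post and not any particular scanner's output format. The advisory list (with made-up identifiers, not real CVEs), the requirements file and the source lines are all constructed inline; a real stage would fetch advisories from a vulnerability database and walk the repository. The secret scanner combines shape patterns (an AWS access key ID prefix, a private key header) with a generic credential-assignment pattern that is only reported when the value is high-entropy, so placeholders like `changeme` do not drown out real findings.

```python
"""Pipeline stage for dependency (SCA) and secret scanning
(added example, not the page's own tooling; advisories are fictional).
"""
import math
import re
from collections import Counter

# Constructed advisories: package -> [(fixed_in_version, advisory id)].
ADVISORIES = {
    "requests": [("2.31.0", "ADV-EXAMPLE-1")],
    "pyyaml": [("5.4", "ADV-EXAMPLE-2")],
}


def parse_version(v: str) -> tuple[int, ...]:
    """Numeric dotted versions only; non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def sca_findings(requirements: str) -> list[str]:
    """Report pinned packages below the fixed version of any advisory."""
    findings = []
    for line in requirements.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or "==" not in line:
            continue   # unpinned lines are a separate policy failure, skipped here
        name, version = (s.strip() for s in line.split("==", 1))
        for fixed, adv in ADVISORIES.get(name.lower(), []):
            if parse_version(version) < parse_version(fixed):
                findings.append(f"{name}=={version} affected by {adv} (fixed in {fixed})")
    return findings


# Shape patterns for well-known secret formats plus a generic assignment.
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "credential-assignment": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking credentials score well above words."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def secret_findings(source: str, min_entropy: float = 3.0) -> list[str]:
    """Flag lines matching a secret pattern. Generic assignments must also be
    high-entropy, so low-entropy placeholders are ignored."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            if name == "credential-assignment" and shannon_entropy(m.group(2)) < min_entropy:
                continue
            findings.append(f"line {lineno}: {name}")
    return findings


def gate(requirements: str, source: str) -> tuple[bool, list[str]]:
    """Return (passed, findings); the stage exits non-zero when passed is False."""
    findings = sca_findings(requirements) + secret_findings(source)
    return not findings, findings


# Constructed inputs for the demo.
REQUIREMENTS = """\
requests==2.25.1
pyyaml==6.0
flask==2.3.2
"""
SOURCE = """\
import os
DB_PASSWORD = os.environ["DB_PASSWORD"]      # fine: resolved at runtime
admin_password = 'changeme'                  # placeholder, low entropy
aws_key = "AKIAIOSFODNN7EXAMPLE"             # AWS documentation example key ID
api_key = 'Xq7#mP2vL9nR4tWz8bH3'             # looks like a real credential
"""

if __name__ == "__main__":
    import sys
    passed, findings = gate(REQUIREMENTS, SOURCE)
    print("\n".join(findings) or "clean")
    sys.exit(0 if passed else 1)
```

Note that the line reading the password from `os.environ` is not reported: the scanner looks for literal values, which is exactly the distinction control 3.5 asks for.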
3.9 Dynamic Application Security Testing (DAST)
Priority: 3
Description: Scan the running application for vulnerabilities. This catches what static analysis cannot see, such as missing security headers or input reflected unescaped by the deployed build, and belongs in the stage that runs against a deployed environment.
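As an added illustration of what a DAST stage does (this is not code from the original post, nor any particular scanner), the example below starts a deliberately weak local HTTP application in a thread, probes it the way a dynamic scanner would, and reports missing headers and unescaped reflection of a marker sent in the query string. A hardened variant of the same endpoint shows the scan coming back clean. The application, the endpoint path, the expected header set and the marker are all constructed for the demo.

```python
"""Minimal dynamic test against a running application
(added example, not the page's own scanner).

Assumptions: the app under test is the constructed local server below; the
expected-header list is a hypothetical policy, not a complete one.
"""
import html
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class WeakApp(BaseHTTPRequestHandler):
    """Echoes the `q` parameter into HTML without escaping (intentionally weak)."""

    def render(self, q: str) -> bytes:
        return f"<html><body>You searched for: {q}</body></html>".encode()

    def extra_headers(self) -> dict:
        return {}

    def do_GET(self):
        query = urllib.parse.urlparse(self.path).query
        q = urllib.parse.parse_qs(query).get("q", [""])[0]
        body = self.render(q)
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        for name, value in self.extra_headers().items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo quiet
        pass


class HardenedApp(WeakApp):
    """Same endpoint with escaping and the expected headers."""

    def render(self, q: str) -> bytes:
        return super().render(html.escape(q))

    def extra_headers(self) -> dict:
        return {"X-Content-Type-Options": "nosniff",
                "Content-Security-Policy": "default-src 'self'"}


def start_app(handler=WeakApp) -> tuple[HTTPServer, str]:
    """Bind to an ephemeral localhost port and serve in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


# Hypothetical policy: value None means only presence is checked.
EXPECTED_HEADERS = {
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": None,
}

MARKER = "dast<\"'>probe"   # if this comes back verbatim, HTML metacharacters survive


def dast_scan(base_url: str) -> list[str]:
    """Probe one endpoint: header policy plus unescaped reflection."""
    findings = []
    url = base_url + "/search?" + urllib.parse.urlencode({"q": MARKER})
    with urllib.request.urlopen(url, timeout=5) as resp:
        headers = resp.headers
        body = resp.read().decode(errors="replace")
    for name, want in EXPECTED_HEADERS.items():
        got = headers.get(name)
        if got is None:
            findings.append(f"missing header {name}")
        elif want is not None and got.lower() != want:
            findings.append(f"header {name} is {got!r}, expected {want!r}")
    if MARKER in body:
        findings.append("reflected input is not HTML-escaped (possible XSS)")
    return findings


if __name__ == "__main__":
    for app in (WeakApp, HardenedApp):
        server, base = start_app(app)
        try:
            print(app.__name__, dast_scan(base) or "clean")
        finally:
            server.shutdown()
            server.server_close()
```

Because the scan talks to the deployed build over HTTP, it verifies what the environment actually serves, including headers added or stripped by a reverse proxy, which is why it complements rather than replaces the static checks in 3.6 to 3.8.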