Security Program

Implementing a security program is critical to ensuring good code practices. Many of the threats such a program addresses fall under the OWASP Top 10 Web Application Security Risks.

As a minimum, a security program should include:

  • Software Composition Analysis (SCA) - Security and Licenses

  • Static Application Security Testing (SAST) - code scanning

  • Dynamic Application Security Testing (DAST)

  • Penetration Testing (PENTEST)

  • Security Log Management (SLM)

  • Cyber Threat Intelligence (CTI)

  • Secrets detection

  • Container scanning

  • Security Operations

  • Infrastructure as code scanning

  • Security Self-Assessment (SSA) or Security Posture

  • Data Protection Agreements and arrangements. These should be consolidated into an ISAE 3000 GDPR assurance report.

  • Bug bounty program

  • Responsible Disclosure (RD)
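As an added illustration of what the "Secrets detection" item means in practice (example code written for this page, not taken from it or from any product), the following minimal scanner flags hard-coded credentials in text using two checks that real secrets-detection tools combine: known-shape patterns (cloud access key prefixes, private key headers, keyword assignments) and Shannon entropy of long tokens, which catches random-looking values that no pattern names. The patterns, the entropy threshold and the sample configuration are all constructed for the illustration; none of the sample values is a real credential.

```python
"""Minimal secrets-detection check (illustrative, not a specific product's logic).

A line is flagged if it matches a known secret shape, or, failing that, if it
contains a long token whose Shannon entropy suggests random key material.
"""
import math
import re

# Constructed patterns for common secret shapes (illustrative, not exhaustive).
PATTERNS = {
    # AWS-style access key id: fixed prefix followed by 16 upper-case alphanumerics.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # PEM private key header, regardless of key type.
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Keyword assignment with a value of at least 16 token characters.
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})"
    ),
}

# Any run of 20+ token characters is a candidate for the entropy check.
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-/+=]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed tuning value for this example


def shannon_entropy(s):
    """Shannon entropy in bits per character of the string s (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text, path="<inline>"):
    """Return a list of findings {file, line, rule} for the given text.

    Pattern rules take precedence; a line flagged by a pattern is not also
    reported by the entropy check, so each line yields at most one finding.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        matched = False
        for name, rx in PATTERNS.items():
            if rx.search(line):
                findings.append({"file": path, "line": lineno, "rule": name})
                matched = True
                break
        if matched:
            continue
        for tok in TOKEN_RE.findall(line):
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                findings.append({"file": path, "line": lineno, "rule": "high_entropy_string"})
                break
    return findings


# Constructed sample configuration; none of these values is a real credential.
SAMPLE_CONFIG = """\
# constructed sample; none of these are real credentials
timeout_seconds = 30
aws_access_key_id = AKIAEXAMPLEEXAMPLE12
api_key = "sk_live_0123456789abcdef0123"
placeholder = "xxxxxxxxxxxxxxxxxxxxxxxx"
session_cookie = 0123456789abcdefghijklmnopqrstuv
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG, path="sample.cfg"):
        print(f"{f['file']}:{f['line']}: {f['rule']}")
```

The `placeholder` line shows why the entropy check is there: it is long but repetitive, so it is correctly left alone, while the `session_cookie` value has no keyword a pattern would catch and is flagged only because its entropy is high. In a CI stage this check would run over the repository contents and fail the build on any finding, with documented allow-listing for known test fixtures.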

Tools

Software Composition Analysis (SCA) Tools

Static Application Security Testing (SAST) Tools

  • Polaris
  • SonarQube