DevSecOps Service

Situation

The organization is growing rapidly through mergers and acquisitions. A significant prospective client initiates a third-party audit, which mandates:

  • Streamline delivery by practicing “shift-left” security with greater reliance on automation
  • Define a security issue prioritization process that evaluates identified issues against the technical and business risk factors
  • Utilize a software composition analysis tool to check third-party libraries for CVEs
  • Implement recurring, required security training for development teams
  • Empower security champions in software development teams

Approach

Layer 8 Security assigned a program manager and one or more DevSecOps/security subject-matter experts (SMEs) to:

  • Evaluate, select, and integrate SAST and SCA automation to identify risks
  • Develop security training for all contributors to promote a security-focused culture
  • Optimize the vulnerability remediation workflow to reduce the time and effort needed to address findings

Conclusion

Layer 8 Security guided the creation of a secure development program:

  • Identified existing vulnerabilities capable of service disruption or information disclosure and refined the remediation process
  • SDLC policy documents were updated to require security testing prioritization in each sprint, reducing the attack surface
  • Greater understanding of potential vulnerabilities, the tools used to identify them, and the remediation process, achieved through in-depth training sessions
  • Security Champions empowered to improve the program and spread knowledge to new contributors

Key Success Factors

  • Leveraged participation from the nominated Security Champions to spearhead the adoption of security testing in the SDLC
  • Maintained flexibility in automation integration and reduced disruption to existing and future project timelines through customized implementation
  • Included Security, Development, QA, and Project Management contributors in decision-making and training to share ownership of the new SDLC processes
