Skip to main content Link Menu Expand (external link) Document Search Copy Copied


Table of contents

DevSecOps simple model more focus on fast and scalable

Threat ModelingIdentify and analyze potential security threats and vulnerabilities in the system design and architecture.Microsoft Threat Modeling Tool, Pytm
SAST (Static Application Security Testing)Analyze source code to identify security vulnerabilities and coding flaws.Snyk - SonarQube - Checkmarx - Fortify - Veracode
SCA (Software Composition Analysis)Identify and manage open-source and third-party components for known vulnerabilities and license compliance.Snyk - Sonatype Nexus Lifecycle - WhiteSource - Black Duck
Secure PipelineImplement security controls and best practices in the CI/CD pipeline to ensure the integrity and security of the software delivery process.Jenkins - GitLab CI/CD - CircleCI
Real-time distributed messaging platformsUtilize messaging platforms for real-time communication, collaboration, and incident response.Slack - Microsoft Teams - Mattermost - Discord
ArtifactsSecurely manage and store build artifacts, such as Docker images or software packages.Docker Registry - Nexus Repository Manager - JFrog Artifactory
Configuration ManagementManage and enforce secure configuration settings across the infrastructure and applications.Ansible - Chef - Puppet - Terraform
DAST (Dynamic Application Security Testing)Test running applications to identify vulnerabilities and security weaknesses in real-time.Nuclei - Burp Suite - Acunetix - Netsparker
IAST (Interactive Application Security Testing)Perform security testing during application runtime to identify vulnerabilities and provide real-time feedback.Contrast Security - Seeker - Quotium Seeker
Smoke TestExecute basic tests to ensure the essential functionality of the application after each deployment.Selenium - Cypress - Postman
Cloud InfrastructureSecurely configure and manage cloud infrastructure and services.AWS CloudFormation - Azure Resource Manager - Google Cloud Deployment Manager
Secret ManagementSecurely store and manage sensitive information, such as API keys, passwords, and certificates.HashiCorp Vault - AWS Secrets Manager - Azure Key Vault
Threat IntelligenceGather and analyze threat intelligence data to proactively identify potential security threats and vulnerabilities.OpenCTI
Vulnerability AssessmentConduct regular vulnerability assessments and scans to identify and prioritize vulnerabilities.Nessus - Qualys - OpenVAS - Rapid7 InsightVM
MonitoringContinuously monitor applications and infrastructure for security events and anomalies.ELK Stack (Elasticsearch, Logstash, Kibana) - Splunk - Prometheus - Grafana
Virtual PatchingApply temporary security measures to mitigate vulnerabilities until a permanent fix is implemented.OpenRASP
MISecOps (Machine Learning in Security Operations)Utilize machine learning techniques to enhance security operations and automate threat detection and response.IBM Watson for Cyber Security - Splunk User Behavior Analytics (UBA) - Darktrace
AiSecOps (Artificial Intelligence in Security Operations)Apply artificial intelligence algorithms and techniques to improve security operations and automate threat analysis and response.Cylance - IBM QRadar - Palo Alto Networks Cortex XDR