The AppSec How-to: 10 Steps to Secure Agile Development

Aug 28, 2013 By carolineb

In Agile’s fast-paced environment of frequent releases, security reviews and testing can sound like an impediment to success. How can you keep up with the Agile demands of continuous integration and continuous deployment without abandoning security best practices?

Companies have found the following ten practices helpful in achieving a holistic, secure Software Development Life Cycle (SDLC) process in an Agile SaaS world. The approaches taken by these companies follow a basic philosophy: keep security as simple as possible and remove any unnecessary load from the development team.

The 10 Steps to Secure Agile Development:

  1. Be part of the process
  2. Enforce your policy by using a security package API in each product
  3. Integrate Source Code Analysis (SCA) within the native process of code management
  4. Break the build for any “high” or “medium” findings
  5. Use automation to collaborate with the security dynamic test
  6. Run a penetration test
  7. Engage technology leaders as security champions by showing them the value
  8. Train developers on a regular basis
  9. Provide a collaboration platform for security discussions
  10. Start small but think big

For a detailed breakdown of each step, please refer to the whitepaper.
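Steps 3 and 4 can be combined as a gate that runs in the build pipeline after the code scan. The following is an added example, not code from the original post or from Checkmarx: a Python check that reads a scanner report and returns a failing exit code when any "high" or "medium" finding is present. The JSON report layout, the field names and the choice to treat missing or unrecognised severities as blocking are assumptions.

```python
import json
import sys

# Step 4: these severities break the build.
BLOCKING = {"high", "medium"}
# Severities allowed through; anything outside both sets is treated as blocking.
NON_BLOCKING = {"low", "info"}

# Constructed sample report; this JSON layout is an assumption, not a real scanner format.
SAMPLE_REPORT = """[
  {"id": "F-1", "severity": "High", "file": "app/login.py", "line": 42, "rule": "sql-injection"},
  {"id": "F-2", "severity": "low", "file": "app/util.py", "line": 7, "rule": "weak-hash"},
  {"id": "F-3", "severity": "MEDIUM", "file": "app/view.py", "line": 19, "rule": "reflected-xss"},
  {"id": "F-4", "file": "app/api.py", "line": 3, "rule": "unclassified"}
]"""


def blocking_findings(findings):
    """Return the findings that must fail the build."""
    blocked = []
    for f in findings:
        sev = str(f.get("severity", "")).strip().lower()
        # Fail closed: a missing or unrecognised severity is never silently passed.
        if sev in BLOCKING or sev not in NON_BLOCKING:
            blocked.append(f)
    return blocked


def gate(report_text):
    """Return the exit code for the CI step: 0 = pass, 1 = break the build."""
    try:
        findings = json.loads(report_text)
    except json.JSONDecodeError:
        return 1  # an unreadable report must not look like a clean scan
    if not isinstance(findings, list) or not all(isinstance(f, dict) for f in findings):
        return 1  # unexpected report shape also fails closed
    blocked = blocking_findings(findings)
    for f in blocked:
        print(f"BLOCKING {f.get('severity', 'unknown')}: {f.get('rule')} "
              f"at {f.get('file')}:{f.get('line')}", file=sys.stderr)
    return 1 if blocked else 0


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(text))
```

Run as a pipeline step with the report path as its argument; a non-zero exit code stops the build.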


