What is an AppSec Pipeline?
in Technology by (186k points)

1 Answer

AppSec Pipeline

An AppSec pipeline applies the principle of DevOps and lean into the application security program.

The ultimate aim of an AppSec pipeline is to deliver a consistent process from the application security team and the constituency which typically involves the developers, QA, product managers, and senior stakeholders.

An AppSec pipeline is designed for iterative improvement and can organically grow in functionality over time.

Each activity has well-defined states throughout the process flow.

The pipeline extensively depends on automation for repeatable tasks.

AppSec Pipelines

Pipelines comprise four distinct areas.

The first is the intake process or first impression.

  • Here the customers request AppSec services such as static, dynamic, or manual assessments from the AppSec team.

  • The intake process comprises an application repository that a requester will either choose from a listing of applications or provide the details manually.

The second part is triage.

  • An analysis is done to apply the requested services.

  • For example, an application request may include an automated scan. In such a case a request would be made to conduct a security scan.

[Figure: AppSec Pipeline - Intake and Triage]

The image above illustrates the components of the intake and triage phase.

[Figure: AppSec Pipeline - Testing Phase]

The last part of the pipeline is deliver.

Here the results are distributed to the customer.

  • In this phase most pipelines integrate with the defect tracker and will produce summary matrices and reports for senior management.
by (186k points)