OVERVIEW
Web applications are complex. They have many layers of services and servers because they are runtime applications. As a developer on a team, you may be asked to develop client-side interfaces, middleware business logic, or backend database interfaces, all while programming your development security operating environment (or DevSecOps).
Wherever you go, security is your responsibility, even when the organization has other security plans or resources. You’ll probably move around during your time with the team. You’ll go up and down the software stack while staying with the team’s chosen software development life cycle. Security concerns are found at every level of the software stack. They are also found in every step of the software development life cycle. In this assignment, you’ll reflect on the importance of software security.
DIRECTIONS
Begin by reading this Shapiro Library article, linked in the Supporting Materials section: DevSecOps: A Systemic Approach for Secure Software Development. Then reflect on the questions below and reflect on the understanding and importance of software security and a developer’s role in it.
What is your role in solving security concerns as a developer? What might solving security concerns as a developer involve?
Where does security fall within the software stack and development life cycle?
How might you add security measures to transform a DevOps pipeline into a DevSecOps pipeline?
The article suggests creating and following a plan to secure the entire DevOps life cycle. What is included in the suggested plan, and would you recommend following it?