It’s not always obvious what needs doing, and the payoffs of good security show up as the
absence of bad events rather than the addition of good events. Who is surprised when it
falls off our priority lists?
DevSecOps is a practice that better aligns security, engineering, and operations and
infuses security throughout the DevOps lifecycle. We’d like to offer a little help on the
journey to DevSecOps. And by « help » we don’t mean « pitch you our product »—we
genuinely mean it.
Sqreen’s mission is to empower engineers to build secure web applications. We’ve put our
security knowledge to work in compiling an actionable list of best practices to help you get
a grip on your DevSecOps priorities. It’s all on the following pages.
We hope you find it useful. If you do, share it with your network. And if you don’t, please
take to Twitter to complain loudly—it’s the best way to get our attention.
The Sqreen Team