The most popular and comprehensive Open Source ECM platform
Shift Left: Bringing Security into the Development Process Early on
Shift Left. It is the cry of agile testers and refers to testing as early in the software development cycle as possible: moving the QA test activity further left on the project timeline.
It is a mantra that has now been picked up for security as well. Getting developers and all other team members to think about how security can be interwoven into the entire process is becoming more common. Security should be considered at every phase, but particularly early on, during the requirements phase and the architecture review.
Colin Domoney, API Security Researcher, wrote for SDTimes that “a core practice of a ‘shift left’ based development process is continuous integration and continuous delivery (CI/CD). Using an API contract, it is possible to add gating controls to the pull-request (PR) process to ensure that proposed code changes adhere to the contract. Security teams can also implement gating controls in the delivery process to ensure that the deployable artifacts have the appropriate security controls.”
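The pull-request gate Domoney describes can be a small check that runs in CI against the API contract itself. The script below is an added example written for this article, not code from SDTimes, Nuxeo or any project; it assumes the contract is an OpenAPI 3 document loaded as a Python dict, and both contracts in it are constructed sample data. It fails the gate when a proposed contract leaves an operation without a security requirement or silently drops an operation that the published contract still exposes.

```python
"""Added example: a pull-request gate that checks a proposed OpenAPI contract.

Two checks a CI job can run before a PR merges:
  1. every operation in the proposed contract declares a security requirement
     (operation-level `security`, or an inherited top-level `security` block);
  2. the proposed contract does not remove operations that the published
     contract still exposes (a breaking change that callers would notice).
Both specs below are constructed sample data, not a real API.
"""
import sys

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Constructed sample: the contract currently on the main branch.
PUBLISHED_CONTRACT = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],
    "paths": {
        "/documents": {"get": {"operationId": "listDocuments"}},
        "/documents/{id}": {"delete": {"operationId": "deleteDocument"}},
    },
}

# Constructed sample: the contract proposed in a pull request. It drops the
# global security block, leaves one operation unauthenticated and removes
# the delete operation.
PROPOSED_CONTRACT = {
    "openapi": "3.0.3",
    "paths": {
        "/documents": {
            "get": {"operationId": "listDocuments", "security": [{"bearerAuth": []}]},
            "post": {"operationId": "createDocument"},
        },
    },
}


def operations(spec):
    """Yield (METHOD, path, operation_object) for every operation in a spec."""
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() in HTTP_METHODS:
                yield method.upper(), path, op


def missing_security(spec):
    """Return 'METHOD path' for each operation that no security requirement covers.

    An explicit empty list (`security: []`) is an intentional opt-out and is
    reported too, so that the choice is visible to reviewers.
    """
    global_security = spec.get("security")
    findings = []
    for method, path, op in operations(spec):
        effective = op.get("security", global_security)
        if not effective:
            findings.append(f"{method} {path}")
    return findings


def removed_operations(published, proposed):
    """Return operations present in the published contract but absent from the proposed one."""
    old = {(m, p) for m, p, _ in operations(published)}
    new = {(m, p) for m, p, _ in operations(proposed)}
    return sorted(f"{m} {p}" for m, p in old - new)


def gate(published, proposed):
    """Return (passed, messages); passed is False when any check finds a problem."""
    messages = [f"no security requirement: {f}" for f in missing_security(proposed)]
    messages += [f"removed from contract: {f}" for f in removed_operations(published, proposed)]
    return (not messages), messages


if __name__ == "__main__":
    passed, messages = gate(PUBLISHED_CONTRACT, PROPOSED_CONTRACT)
    for m in messages:
        print("FAIL", m)
    print("gate passed" if passed else "gate failed")
    # A non-zero exit status is what makes the CI job, and therefore the PR, fail.
    sys.exit(0 if passed else 1)
```

Run against the two constructed contracts, the gate reports the unauthenticated `POST /documents` and the removed `DELETE /documents/{id}` and exits non-zero; the same shape of check can be pointed at the delivery pipeline, where the artifact's shipped contract replaces the proposed one.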
Tomasz Andrzej Nidecki, senior content writer, wrote in an article for Security Boulevard that “to attain top code quality, it’s not enough to have secure coding requirements and secure coding guidelines in place along with a test infrastructure. Teams must not only feel obliged to follow secure coding principles during the development process and do so because their code will be tested, but they must also feel that writing secure code is in their best interest as well. Secure coding doesn’t just need rules and enforcement; it needs the right attitude.”