Discover the level of security involved in the deployment phase in the SDLC.
- Deployment of code is one of those areas…that all too often gets ignored…when it comes to developing a secure coding plan.…This is an unfortunate oversight,…as there are many ways to improve…the security of your system at this point.…One of the weakest points of secure deployments…is how you manage the sensitive configuration…of the systems being deployed.…The use of files on a file system…or in a startup script…all too often count as secure enough,…when in reality, they fail.…
They expose significant attack vectors into your systems…or the systems you depend on.…There are, however, very powerful tools…and patterns that can be leveraged…to improve the secrecy and security…of these sensitive data points.…Some of the tooling have sophisticated APIs…and startup routines…that ensure your system will get its config,…and no one else can.…
If you're deploying to a containerized framework,…you also likely have built-in support for secrets,…so at least consider using those.…Another step that seems…to increase the security is automation.…
AuthorFrank P Moley III
- Understanding attackers and risks
- Documenting your risks
- Issues related to web client–server interactions
- Issues related to thick app and client–server interactions
- Authorization and cryptography issues
- Implementing security in each phase of the software development life cycle
Skill Level Beginner
What you need to know1m 35s
1. Security and Risk Overview
2. Web Client Server Interaction Code Issues
3. Thick App and Client-Server Interaction Issues
4. Crypto and Security Misuse Issues
5. Security in the SDLC
Next steps2m 10s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.