Agile software development (e.g. with Scrum or Kanban) has become more and more popular throughout almost every business line and type of company in the last couple of years. Agile development has many advantages from a project management point of view but also presents new challenges for application security.
This is because many security requirements and activities from the classic world do not map one-to-one onto the agile world. This is especially the case when DevOps (Continuous Delivery or Continuous Deployment) is also used.
We support you in integrating security into your agile teams and help you secure your agile transition!
The following figure illustrates how security activities can be embedded into agile development with Scrum:
Agile development and security do not contradict each other but often require a new mindset, new practices, processes and technologies. We can support you with this task in different ways, e.g.:
- Operative project support (e.g. defining/translating security requirements with the team, performing threat modeling, performing security tests and reviews, documentation of security)
- Coaching, training and workshops for your agile teams
- Alignment of existing security processes
- Specification and implementation of agile security activities and practices
- Implementation of security guidelines (e.g. secure coding guidelines) and requirements
- Implementation of security in build & deployment pipelines (CI/CD)