16 Step 1: Plan for Security Identify unsecured APIs and frameworksMap security sensitive code portions. E.g. password changes mechanism, user authentication mechanism.Anticipate regulatory problems, plan for it.
18 Step 2: Engage the Developers. And Be Engaged Connect developers to securityGoing to OWASP? Bring a developer with you!Is your house on fire? Share the details with your developers.Have an open door approachSet up an online collaboration platform E.g. Jive, Confluence etc.
20 Step 3: Arm the Developer Secure frameworks:Use a secure framework such as Spring Security, JAAS, Apache Shiro, Symfony2ESAPI is a very useful OWASP security frameworkSCA tools that can provide security feedback on pre-commit stage.Rapid responseSmall chunks
22 Step 3: Automate the Process Integrate within your build (Jenkins, Bamboo, TeamCity, etc.)SASTDASTFail the build if security does not pass the bar.
23 Continuous Deployment DevelopCode CommitSource ControlBuild TriggerUnit TestsDeploytoProductionContinuous DeploymentDeploy to Test EnvReport&NotifyPublish to release repository
24 Security within Continuous Deployment DevelopCode CommitSource ControlBuild TriggerTestsDeploytoProductionSecurity within Continuous DeploymentDeploy to Test EnvAutomatic security testReport&NotifyPublish to release repositorySCA Test