The following exercises are based on the case study discussed in Appendix A. These exercises
are intended to give you some practice in applying the steps and producing deliverables for
Phase A4 of the SDL.
At this point, you've created a management plan and a roadmap to implement an SDL at
Revvin' Engines. With a solid system and process that yields a secure architecture and design for
an API-based system of microservices, one that reflects the business requirements as well as the security
and nonfunctional requirements for the application, you can gain assurance that the applications and infrastructure can stand up to the hostile public Internet.
As you move into the development activities, you'll need a plan and roadmap for security at
development time, unit-testing time, integration-testing time, and pre-release testing time to ensure that the applications are secure enough for production release.
1. Revisit the initial testing plan and include all activities you deem necessary for application testing, both manual and tool-based.
2. Design processes to integrate testing activities into the development pipelines so that every testing task that can be automated is automated. Make certain that all testing results are reported to a gatekeeper function that fails the build if the scan policies are not met.
3. Establish the scanner policies needed for each scanning tool or process: the pass/fail thresholds that trigger the appropriate security events.
4. Determine the metrics needed across all mandated testing processes and determine the most appropriate reporting methods and mechanisms.
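To make exercises 2 through 4 concrete, the following is an added example of a gatekeeper function of the kind item 2 asks for, written here as an illustration and not taken from the book or the Revvin' Engines case study. It assumes a report format in which each scanner reports a tool name, a completion status and a list of findings; the tool names (sast, sca, dast), the severity levels and the threshold values in POLICY are all illustrative assumptions. The gate applies per-tool ceilings (exercise 3), fails closed when a mandatory scanner did not complete, and returns per-severity counts that can feed the metrics and reporting of exercise 4.

```python
"""Policy gate for pipeline scan results (added example, not from the book).

Assumed input format: one JSON document with a "scans" list; each scan has
"tool", "status" and "findings" (each with "rule", "severity", "location").
Tool names, severities and threshold values below are illustrative assumptions.
"""
import json
from collections import Counter
from dataclasses import dataclass, field

SEVERITIES = ("critical", "high", "medium", "low")

# Per-tool ceilings: maximum findings permitted at each severity.
# Severities not listed for a tool are unlimited (reported as metrics only).
# Every tool listed here is mandatory: if it did not complete, the gate fails closed.
POLICY = {
    "sast": {"critical": 0, "high": 0, "medium": 5},
    "sca":  {"critical": 0, "high": 2},
    "dast": {"critical": 0, "high": 0},
}


@dataclass
class Verdict:
    passed: bool
    violations: list = field(default_factory=list)   # human-readable reasons
    metrics: dict = field(default_factory=dict)      # {tool: {severity: count}}


def evaluate(report_json: str, policy: dict = POLICY) -> Verdict:
    """Apply the scanner policy to a report and return pass/fail plus metrics."""
    report = json.loads(report_json)
    scans = {s["tool"]: s for s in report.get("scans", [])}
    verdict = Verdict(passed=True)

    for tool, limits in policy.items():
        scan = scans.get(tool)
        # Fail closed: a mandatory scanner that did not run or did not finish
        # must not be mistaken for a clean run with zero findings.
        if scan is None or scan.get("status") != "completed":
            verdict.violations.append(f"{tool}: scan missing or not completed")
            verdict.passed = False
            continue

        counts = Counter()
        for f in scan.get("findings", []):
            sev = f["severity"].lower()
            if sev not in SEVERITIES:
                # An unrecognised severity cannot be compared against the ceilings.
                verdict.violations.append(f"{tool}: unknown severity {sev!r} in {f.get('rule')}")
                verdict.passed = False
                continue
            counts[sev] += 1
        verdict.metrics[tool] = {sev: counts[sev] for sev in SEVERITIES}

        for sev, ceiling in limits.items():
            if counts[sev] > ceiling:
                verdict.violations.append(
                    f"{tool}: {counts[sev]} {sev} finding(s) exceeds ceiling {ceiling}")
                verdict.passed = False

    # Scanners that reported but are not governed by the policy: keep counts as metrics only.
    for tool, scan in scans.items():
        if tool not in policy:
            counts = Counter(f["severity"].lower() for f in scan.get("findings", []))
            verdict.metrics[tool] = {sev: counts[sev] for sev in SEVERITIES}
    return verdict


# Constructed sample report for the example; not real scanner output.
SAMPLE_REPORT = json.dumps({
    "scans": [
        {"tool": "sast", "status": "completed", "findings": [
            {"rule": "sql-injection", "severity": "high", "location": "orders/api.py:88"},
            {"rule": "weak-hash", "severity": "medium", "location": "auth/hash.py:12"},
        ]},
        {"tool": "sca", "status": "completed", "findings": [
            {"rule": "vulnerable-dependency", "severity": "high", "location": "requirements.txt"},
        ]},
        # dast did not finish: the gate must treat this as a failure, not a clean run.
        {"tool": "dast", "status": "error", "findings": []},
    ]
})

if __name__ == "__main__":
    v = evaluate(SAMPLE_REPORT)
    print("PASS" if v.passed else "FAIL")
    for reason in v.violations:
        print(" -", reason)
    print(json.dumps(v.metrics, indent=2))
    # Non-zero exit status is what makes a CI job fail the build.
    raise SystemExit(0 if v.passed else 1)
```

Run against the constructed report, the gate fails for two reasons: the SAST scan has one high finding against a ceiling of zero, and the DAST scan never completed. The second reason is the one most often missed in practice: a scanner that crashes or is skipped produces no findings, so a gate that only counts findings would wave the build through.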