
AppSec Pipeline Phases and Concepts

DevSecOps considers security aspects throughout the application lifecycle. It aims to include security in each phase of the development cycle using a shift left security approach. Dynamic Application Security testing, also known as black box testing, analyzes the running application without source code. Monitoring approaches like SIEM can provide sound monitoring.

Uploaded by

ADHIRAJ SINGH

1. In DevSecOps, during which phase of the development cycle are the security aspects considered? - throughout the application lifecycle

2. ____________ software development approach aims to enhance the collaboration between the software development and the IT operations team. - DevOps

3. Which phase of DevSecOps emphasizes reliability, performance, and scaling? - security

4. In DevSecOps, security-related activities are the sole responsibility of the security team. - false

5. Which is the software development approach that first emphasized incorporating customer feedback early and often? - Agile

6. Which phase involves checking the signature of binaries? - operate

7. _________ approach aims to include security in each phase of the development cycle. - Shift Left security

8. Which of the following can be used to ensure the security of the CI/CD pipeline? - all

9. How many distinct areas does the AppSec pipeline comprise? - Four

[Link] AppSec pipeline applies the principle of _________ into the application security program. - DevOps and Lean

12. SAST is also known as ____________. - white box testing

13. _______ helps in meditating multi-availability zone residency regularly. - Chaos Gorilla

14. SAST requires the application to be running. - false

[Link] Application security testing can be used to uncover issues related to operational [Link]

16. Which of the following SAST tools analyze to uncover vulnerabilities? - All

17. Which of the following is an advantage of DevSecOps? - All

18. In ________ type of IT setup, developers or operations teams automatically manage and provision the technology stack for an application through software. - infrastructure as code

19. In _________ approach, the code is analyzed for security vulnerabilities, while the application is run either manually or by an automated test. - IAST

20. ____________ software development methodology characterizes security as a primary consideration throughout the processes of development and delivery of software. - Rugged DevOps

21. ______ helps in validating if the server can handle degradation. - Latency Monkey

22. Dynamic Application Security testing is also known as __________. - black box testing

23. Which of the following can be considered as a sound monitoring approach? - SIEM

24. RASP works as a network device. - false
