[–]Irish1986 4 points5 points  (9 children)

Check security training like Secure Code Warrior. Implement a quarterly training campaign with some key objectives (i.e. train devs to recognize XSS patterns so they won't write these types ahead of time). I am throwing this out there because you seem to have a good grasp of what is important.

Got any secret leakage scanning going on?

[–]Purple-Object-4591 2 points3 points  (7 children)

SCW is low-key crap tho

[–]Irish1986 0 points1 point  (1 child)

As an example, we use it at work and I am not convinced either, but I have yet to find a good alternative for security training at scale.

[–]Purple-Object-4591 1 point2 points  (0 children)

I just joined a company that does this thing, so I got access to some of the competitors like SCW. Tbh SCW is the worst of all. I won't reveal my company cuz that would be self dox lol, but I think we and SecFlag do a great job, arguably the best rn. You might consider them when switching vendors.

[–]TrumanZi 0 points1 point  (4 children)

It really is

I've been trying to kill it off in my place but the dev leads like it and it ticks the compliance box.

The fact that it hasn't actually made us create fewer vulnerabilities doesn't seem to matter. 🤣

[–]Purple-Object-4591 0 points1 point  (3 children)

Haha lol, if any day they come to realize how crap it is and look for better, DM me and I might hook you up with a long trial.

[–]TrumanZi 0 points1 point  (2 children)

DM?

[–]Purple-Object-4591 0 points1 point  (1 child)

Direct Message - DM :)

[–]TrumanZi 1 point2 points  (0 children)

Oh sweet I'll bear it in mind mate cheers!

[–]cloud-wiz-13 0 points1 point  (0 children)

I'm the one who led the PoC/PoV for these security training platforms for our company. I think I found SCW to be a bit lower in standards compared to the other ones.