DEV Community

loading...
Microsoft Azure

Pushing Left, Like a Boss: Part 1

Tanya Janca
AppSec Nerd, at your service.
Updated on ・1 min read

This series, and my blog, have moved! Check it out!

In all of the talks and articles I have ever written and all the advice I have ever given, I am always telling people they should “push left”. When security people say they want to “shift left”, they are referring to the left side of the System Development Life Cycle (SDLC), which is the way software engineers describe the methodology or process for making software. I say "push" because sometimes I am not invited to "shift".

If you look at the image below, the further “left” you look, the earlier you are in the process. When we say we want to “push left”, we mean we want to start security at the very beginning and perform security in every step of the SDLC.

Behold! The System Development Lifecycle - SDLC

You might be reading this and thinking “Of course! Doesn’t everyone do that? It’s so obvious.” But from I’ve seen in industry, I have to tell you, it’s not obvious. And it’s definitely not what software developers are being taught in school.

Read the rest on my NEW blog!!

Discussion (5)

Collapse
kaiax33 profile image
Kai Axford

Would also add "time" as a reason why AppSec is hard. Devs are given X time to dev/test their work and then check-in. Writing code securely will initially take additional time and Product Management often isn't always willing to allow that extra time.

Collapse
shehackspurple profile image
Tanya Janca Author

I agree, absolutely!

Collapse
syeedshah profile image
syed shah

Educating the C level stake holders should be a starting point as they are the ones that enforce security is a priority. Devs and Managers will always work towards visible goals that they can demonstrate to stakeholders. Stakeholders need to be asking is this secure.

Collapse
shehackspurple profile image
Tanya Janca Author

100%!

Collapse
syntaxseed profile image
SyntaxSeed (Sherri W)

Just stumbled on this series & very excited to read it! Added it to my Trello board of my personal learning curriculum.

Thanks!