Hey everyone!
I’m currently doing some research into how developers and DevOps teams handle application security across the software development lifecycle (SDLC) — from design to deployment.
The goal is to better understand what real-world teams are doing when it comes to:
Security Across These Phases:
Design phase (do you do threat modeling?)
Development/code review (do you run SAST? Get auto-fix suggestions?)
Testing phase (any dynamic/DAST tools, custom logic testing?)
Deployment phase (cloud config checks, misconfig detection?)
What I’d Love to Learn:
How do you currently integrate security into your SDLC?
Do security tools slow you down or help you move faster?
Do you actually use the auto-fix/code suggestions from tools?
What’s the most frustrating thing about your current AppSec setup?
Why I’m Asking:
I'm exploring smarter ways to automate and simplify security across the SDLC — especially for teams without full-time AppSec engineers.
But rather than guess, I want to hear how you work:
What’s working?
What’s missing?
What would make AppSec feel less like a chore?
Drop a comment below, or DM me if you're open to a short async chat.
Any feedback — even one sentence — helps.
Thanks for sharing your experience.