SEC 11. How do you incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle?

Training people, testing using automation, understanding dependencies, and validating the security properties of tools and applications help to reduce the likelihood of security issues in production workloads.

Best practices

SEC11-BP01 Train for application security
SEC11-BP02 Automate testing throughout the development and release lifecycle
SEC11-BP03 Perform regular penetration testing
SEC11-BP04 Conduct code reviews
SEC11-BP05 Centralize services for packages and dependencies
SEC11-BP06 Deploy software programmatically
SEC11-BP07 Regularly assess security properties of the pipelines
SEC11-BP08 Build a program that embeds security ownership in workload teams

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Application security

SEC11-BP01 Train for application security