DevSecOps Checklist

Most relevant for 🔍 Technical Evaluators

Earlier in this guide, the process for auditing Development, Security and Operations (“DevSecOps”) practices was reviewed. Through the results of applying this holistic assessment process to the technical reviews that were completed, a set of common opportunities where best practices can be improved were uncovered. Some of these may seem simple or obvious, however they were still opportunities to improve in these areas in all the assessments that were completed.

Implement secure deployment practices
Ensure secure deployment practices, such as using encrypted connections, restricting access to sensitive data, and implementing strong authentication mechanisms.
Prioritize traffic protection
Implement robust security measures to protect against traffic manipulation and eavesdropping, such as Transport Layer Security (TLS) encryption and intrusion detection systems.
Develop comprehensive test plans
Create comprehensive test plans that cover various scenarios and use automated testing tools to thoroughly evaluate the system’s functionality and performance.
Eliminate hard-coded credentials
Implement secure credential management practices, such as using secrets management tools and rotating credentials regularly.
Protect against supply chain attacks
Implement measures to protect against supply chain attacks, such as verifying the integrity of software updates and using a trusted software repository.
Secure database access and authentication
Implement secure database access controls, such as role-based access control and input validation, and ensure strong authentication mechanisms for authentication services.
Improve exception logging
Implement robust exception logging to capture and analyze errors, facilitating proactive problem resolution and enhancing system reliability.
Prioritize input sanitization
Implement rigorous input sanitization techniques to prevent malicious inputs from exploiting vulnerabilities and ensure the integrity of the system.