Resources and References

Attributions, References, and Resources

The goal of all of these exercises is to help development, operations, and security better understand how each group contributes to a secure SDLC. On the development and operations side, exercises like Threat Modeling and Capture the Flag, as mentioned previously, help them develop a better understanding of how to weave security into their processes. Similarly, on the security side, exercises like owning a service through production and shadowing help them understand why development and operations structure their workflows the way they do.

As a reminder, make sure you have a firm understanding of where your gaps are so that, as you begin to shift left, you are doing so in a way that meets existing needs. As you continue your journey in security, there are several common resources that are used in the industry and that went into the creation of this guide.

External contributors

Resources to Keep Handy

How to Contribute to this Guide

Contributors are always welcome to help us keep the guide complete and correct. Also, in order to expand the content of the guide, topics related to the following have been slated to be added over time. If you would like to contribute to these topics, make suggestions, correct any errors, etc., please feel free to reach out by submitting a pull request or issue on GitHub (repository link here as well as the upper left). You can also reach out to us on our Community Forums.

Some top-level topics that we are looking at: