Secure Coding Best Practices for 2022
Written by Sigal Zigelboim
Monday, 19 September 2022
Page 2 of 2
Securing the CI/CD Pipeline
A CI/CD pipeline combines continuous integration (CI) and continuous delivery or deployment (CD) into one efficient and highly automated process. DevOps and DevSecOps teams utilize CI/CD pipelines to automate the application development phases so they can consistently deliver applications to clients.
While a CI/CD pipeline helps deliver applications quickly and efficiently, it does not necessarily keep them secure. A CI/CD pipeline provides many benefits but can also introduce security concerns due to its speed and lack of visibility. Common risks include security misconfigurations, supply chain attacks, insufficient access controls, secrets exposure, and flawed third-party libraries.
Teams can mitigate these risks by prioritizing security throughout the CI/CD process, applying measures such as:
Authentication and Session Management
Implementing strong authentication, together with server-side session and identity management controls, helps reduce the likelihood of user session hijacking and the exploitation of compromised credentials. Here are common controls to use:
Encryption renders data unreadable to anyone who does not hold the key. In practice this means encrypting data with keys using vetted tools built by cryptography experts rather than home-grown schemes. Even the strongest cryptography is undermined by improper key management: a key stored next to the data it protects is exposed whenever the data store is. Teams can mitigate this risk by storing keys separately from the encrypted data and by using a hardware security module (HSM), so that key material never leaves the component that guards it.
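The key-separation point above, as an added Go example that is not part of the article: a constructed KeyStore stands in for an HSM or separate key service and is the only holder of key material, while the Record stored beside the application data carries just a key ID, a nonce and the AES-GCM ciphertext. The key ID is bound as associated data, so a record cannot be quietly re-pointed at a different key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Record is what sits beside the data: key ID, nonce and ciphertext, never key bytes.
type Record struct{ KeyID string; Nonce, Ciphertext []byte }
// KeyStore is a constructed stand-in for an HSM or separate key service:
// callers refer to keys by ID and the key material never leaves this type.
type KeyStore map[string]cipher.AEAD

// GenerateKey creates a random 256-bit AES-GCM key that is held only inside the store.
func (ks KeyStore) GenerateKey(id string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	block, err := aes.NewCipher(k)
	if err == nil {
		ks[id], err = cipher.NewGCM(block)
	}
	return err
}

// Encrypt seals with AES-GCM, binding the key ID as associated data so a record re-pointed at another key fails to authenticate.
func (ks KeyStore) Encrypt(id string, pt []byte) (Record, error) {
	g, ok := ks[id]
	if !ok {
		return Record{}, errors.New("unknown key id: " + id)
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	return Record{id, nonce, g.Seal(nil, nonce, pt, []byte(id))}, nil
}

// Decrypt resolves the key by ID; any tampering with the record is rejected.
func (ks KeyStore) Decrypt(r Record) ([]byte, error) {
	g, ok := ks[r.KeyID]
	if !ok {
		return nil, errors.New("unknown key id: " + r.KeyID)
	}
	return g.Open(nil, r.Nonce, r.Ciphertext, []byte(r.KeyID))
}
```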
In this article, I explained the concept of secure coding and showed that even in 2022, the majority of developers say they do not have sufficient security expertise. I provided several best practices that can help developers level up their skills and adopt secure coding:
I hope this will be useful as your development team levels up its security skills in preparation for a DevSecOps future.
Last Updated ( Thursday, 22 September 2022 )