1.3 Given a scenario, integrate software applications securely into an enterprise architecture.

Baseline and templates

 Secure design patterns/types of web technologies

 Storage design patterns

 Container APIs

 Secure coding standards

 Application vetting processes

 API management

 Middleware

Software assurance

 Sandboxing/development environment

 Validating third-party libraries

 Defined DevOps pipeline

 Code signing
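
The three items above (validating third-party libraries, a defined pipeline, code signing) share one control: never install an artifact whose identity the pipeline has not verified. The following is an added example, not text or code from the objectives page, showing the hash-pinning half of that control in Python, modelled on what `pip install --require-hashes` enforces: every dependency must carry an exact version and at least one strong digest, and the fetched bytes must match one of them in constant time. The package names `acme-lib` and `legacy-lib` and the requirements text are constructed for the sample; the pinned value is SHA-256 of the bytes `b"abc"`, which stands in for a downloaded wheel. Signature verification of a signed artifact (the code-signing item) sits on top of this and is not implemented here.

```python
"""Hash-pinned dependency verification, modelled on `pip install --require-hashes` (added example)."""
import hashlib
import hmac
import re
from dataclasses import dataclass

REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)==(?P<version>[A-Za-z0-9._+!-]+)")
HASH_RE = re.compile(r"--hash=(?P<alg>[A-Za-z0-9]+):(?P<digest>[0-9A-Fa-f]+)")
ACCEPTED_ALGORITHMS = ("sha256", "sha384", "sha512")  # md5/sha1 pins are refused, as pip does


@dataclass(frozen=True)
class Requirement:
    name: str
    version: str
    hashes: frozenset  # {(algorithm, hexdigest)}; several pins allowed, one per platform wheel


def parse_requirements(text):
    """Parse 'name==version --hash=alg:hex ...' lines; comments and blank lines are ignored."""
    requirements = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_RE.match(line)
        if m is None:
            raise ValueError(f"only exact '==' pins are accepted: {raw.strip()!r}")
        hashes = frozenset(
            (h.group("alg").lower(), h.group("digest").lower()) for h in HASH_RE.finditer(line)
        )
        requirements.append(Requirement(m.group("name"), m.group("version"), hashes))
    return requirements


def verify_artifact(requirement, data):
    """Return (ok, reason) for fetched artifact bytes checked against the requirement's pins."""
    label = f"{requirement.name}=={requirement.version}"
    if not requirement.hashes:
        return False, f"{label}: no --hash pin, refusing to install"
    for alg, digest in requirement.hashes:
        if alg not in ACCEPTED_ALGORITHMS:
            return False, f"{label}: hash algorithm {alg} is not accepted"
        actual = hashlib.new(alg, data).hexdigest()
        if hmac.compare_digest(actual, digest):  # constant-time comparison
            return True, f"{label}: {alg} digest matches"
    return False, f"{label}: digest mismatch, artifact may have been tampered with or substituted"


def verify_all(text, artifacts):
    """Check every requirement against the bytes fetched for it; an unfetched artifact fails."""
    results = {}
    for req in parse_requirements(text):
        data = artifacts.get(req.name)
        if data is None:
            results[req.name] = (False, f"{req.name}: artifact not fetched")
        else:
            results[req.name] = verify_artifact(req, data)
    return results


# Constructed sample: 'acme-lib' and 'legacy-lib' are hypothetical packages.
# The acme-lib pin is SHA-256 of b"abc", which stands in for the wheel's bytes.
SAMPLE_REQUIREMENTS = """
acme-lib==1.2.0 --hash=sha256:ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
legacy-lib==0.9.1   # no hash pinned: must be rejected
"""

if __name__ == "__main__":
    fetched = {"acme-lib": b"abc", "legacy-lib": b"whatever the index served"}
    for ok, reason in verify_all(SAMPLE_REQUIREMENTS, fetched).values():
        print("PASS" if ok else "FAIL", reason)
```

The check is deliberately all-or-nothing: an unpinned line fails rather than being skipped, because a single unverified dependency is enough for a substituted package to reach the build. Run it in the pipeline step that resolves dependencies, before anything is imported or executed.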

Interactive application security testing (IAST) vs. dynamic application security testing (DAST) vs. static application security testing (SAST)

Considerations of integrating enterprise applications

 Customer relationship management (CRM)

 Enterprise resource planning (ERP)

 Configuration management database (CMDB)

 Content management system (CMS)

 Integration enablers

  Directory services
  Domain name system (DNS)
  Service-oriented architecture (SOA)
  Enterprise service bus (ESB)

Integrating security into development life cycle

 Formal methods

 Requirements

 Fielding

 Insertions and upgrades

 Disposal and reuse

 Testing

  Regression
  Unit testing
  Integration testing

 Development approaches

  SecDevOps
  Agile
  Waterfall
  Spiral
  Versioning
  Continuous integration/continuous delivery (CI/CD) pipelines

 Best practices

  Open Web Application Security Project (OWASP)
  Proper Hypertext Transfer Protocol (HTTP) headers
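
As an added example for the two best-practice items above (not part of the objectives page), here is a Python audit of a response's security headers against a baseline drawn from the OWASP Secure Headers recommendations: HSTS with a max-age of at least one year, a Content-Security-Policy with a default-src fallback and no wildcard or inline script sources, framing protection via frame-ancestors or X-Frame-Options, X-Content-Type-Options nosniff, a non-leaking Referrer-Policy, and no version banners. The one-year threshold and the list of acceptable referrer policies are this example's chosen baseline; the two header sets are constructed samples, not captured traffic.

```python
"""Audit HTTP response headers against a secure-headers baseline (added example)."""
import re

ONE_YEAR = 31536000  # seconds; baseline threshold chosen for this example
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
STRONG_REFERRER_POLICIES = {"no-referrer", "same-origin", "strict-origin", "strict-origin-when-cross-origin"}


def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [source tokens]}, case-folded."""
    directives = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def audit_headers(headers):
    """Return a list of findings for a header mapping; an empty list means the baseline is met."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    # Transport: HSTS must be present with a long max-age, or a downgrade remains possible.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if m is None or int(m.group(1)) < ONE_YEAR:
            findings.append("Strict-Transport-Security max-age is missing or below one year")

    # Content: a CSP without default-src leaves unlisted fetch directives wide open;
    # '*' and 'unsafe-inline' in a -src directive defeat its purpose against XSS.
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append("Content-Security-Policy missing")
    else:
        if "default-src" not in csp:
            findings.append("Content-Security-Policy has no default-src fallback")
        for name, sources in csp.items():
            if not name.endswith("-src"):
                continue
            if "*" in sources:
                findings.append(f"Content-Security-Policy {name} allows any origin (*)")
            if "'unsafe-inline'" in sources or "'unsafe-eval'" in sources:
                findings.append(f"Content-Security-Policy {name} permits unsafe-inline/unsafe-eval")

    # Framing: CSP frame-ancestors is authoritative; X-Frame-Options is the legacy fallback.
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no framing protection (frame-ancestors or X-Frame-Options DENY/SAMEORIGIN)")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")

    if h.get("referrer-policy", "").lower() not in STRONG_REFERRER_POLICIES:
        findings.append("Referrer-Policy missing or permissive")

    # Fingerprinting: version banners let an attacker pick exploits by product and version.
    for name in LEAKY_HEADERS:
        if name in h:
            findings.append(f"{name} header discloses implementation details: {h[name]!r}")
    return findings


# Constructed samples: a hardened response and a typical default-configuration response.
HARDENED = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Cache-Control": "no-store",
}
WEAK = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "script-src * 'unsafe-inline'",
    "X-Frame-Options": "ALLOWALL",
}

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED), ("weak", WEAK)):
        print(f"{label}: {len(audit_headers(hdrs))} finding(s)")
        for f in audit_headers(hdrs):
            print("  -", f)
```

The same function fits an integration test that runs against a staging deployment, so a middleware or reverse-proxy change that drops a header fails the pipeline rather than reaching production. Cache-Control is left out of the baseline because its correct value depends on whether the response carries sensitive data, which a header-only check cannot know.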