Application Security
Shift-Left Security
Also known as: Shift left, Early security testing
Definition
The practice of moving security activities earlier in the software lifecycle so vulnerabilities are found and fixed before code reaches production.
Examples
- Adding a Semgrep pre-commit hook so developers see findings before pushing.
- Running Checkov against Terraform in CI to block insecure cloud configurations.
Related terms
DevSecOps
A culture and set of practices that integrates security responsibilities into DevOps workflows so engineers ship secure software continuously and at speed.
Secure Software Development Lifecycle (SSDLC)
A development lifecycle in which security activities are embedded into every phase, from requirements and design through coding, testing, release and operations.
SAST (Static Application Security Testing)
Automated analysis of source code, bytecode or binaries, without executing them, to find security weaknesses such as injection flaws, unsafe API use or insecure cryptography.
SCA (Software Composition Analysis)
Automated analysis of an application's open-source and third-party components to identify known vulnerabilities, license issues and outdated or risky dependencies.
Threat Modeling
A structured analysis that identifies the assets, threats, vulnerabilities and mitigations of a system so security can be designed in rather than bolted on.
Secure Coding