In Agile there is no time for extensive security testing at the end. Ideally, you want to ship your code right after the sprint. In collaboration with a Dutch bank, we designed an Agile / Continuous Security Testing service to integrate security into the sprints, resulting in more secure (by design) software, better security, better awareness and no last-minute surprises!
Security sign-off during your sprints. Secure-by-design software. Minimal delays. No last-minute surprises. Improved awareness.
We start with a baseline review to fully test and review the product your team is working on. This is important to get a good impression of the security level of the existing code base and of the current level of security awareness within the team.
During the refinement phase, before a line of code is written, we identify user stories that might have an impact on security. This is the perfect time to proactively advise your team on focus points and security acceptance criteria. Preventing rather than fixing!
When a new security-relevant feature is ready, it can be reviewed directly during the sprint, providing early feedback to the team while the code is still fresh in mind.
During the sprints our team is available to help you out with any security-related challenges or questions: your team's security champion.
A sprint review (diff) is done at the end of each sprint. The goal is to ascertain that no security flaws have been introduced during the sprint. After the sprint review, security sign-off takes place.
When not going live after each sprint, security sign-off can take place at release level instead of sprint level. The exact process will of course be tailored to fit your specific workflow.