look up the lesson 3.8, where we're gonna summarize everything we've learned that this module up, I found creating the slides that that was very interesting there so many concepts here and so many interesting perspectives of what we have to understand.
So we looked at why, how we need to integrate security into Dev ops. Understand that we really need management buy in for it to be successful, to be ever cut across all the different
portions of the organization. To say this is new policy.
This is what we're doing. Everybody needs to get along whenever there's any issues again that executives could cut across those those organization
we had. We looked at metrics for evaluating the success of security
as well as securities impact on the existing pipeline. If there is one
and we don't have them with some of the building blocks for Jenkins pipeline that you can see as we go through the all of the different modules so we can build on that and you'll see how it's built and added on each one of the new stages.
You talked about security for the non security staff, So security for the developers for the operations and then, obviously flipside we talked about was the security staff having a little bit understanding of what Dev ops means? What the development side, what mean, what, how what it means to run the operations and maintain
And he looked at threat modelling. So like that the awas Brett Dragon to, say, identify within the application. Here are the risks that that I found by by breaking down all the components the way they communicate their boundaries and identifying some
specific issues to the application
or even your system, and then so that we can want to get to selection of the tools we can we can. We know for sure that we've covered all the risks, and we have the tools that contest for those risks.
Let's wrap up the module with a quick quiz.
What is not a methodology for threaten widely
Unfortunately, there isn't one called bananas. I looked everywhere. I thought this would be a great one. But all I found was
stride, which he saw in the Los Threat Dragon, which is spoofing tampering, repudiation, information disclosure, denial of service, elevation of privilege
funny as well. But it's the process for attack simulation and threaten analysis