Shifting left is a buzzword used to convey that making security an integral part of development is the only practical approach for agile workflows. Its mission: find and prevent defects early in the software delivery process. The idea is to improve quality by moving tasks from “the right” to “the left”, as early in the software development lifecycle (SDLC) as possible.

The awesome assumption is that there is application security testing on “the right”, in staging and production. A misunderstanding with fatal consequences waits around the corner too: moving all security testing to development on “the left” can leave big holes in security on “the right”.

To fully incorporate security into an SDLC, there needs to be a mature SDLC process in the first place. An application security program can only be as advanced as the SDLC pipeline itself.

Forever in progress ...


Best practices