What is “Security-as-Code”?
Security-as-Code is an Application Security methodology in which security controls are expressed as machine-readable definition files, written in a high-level declarative language, so that security behaviour is applied to the runtime environment or virtual machine (VM) automatically, consistently and continuously rather than configured by hand.
This approach dramatically reduces the need for manual intervention, gives security teams autonomy, and frees engineers to focus on product development rather than vulnerability remediation.
Why write this book?
There are already many resources on the internet that touch on Security-as-Code. However, the concept is still in its infancy, and the Application Security community has not yet reached broad agreement on precisely what it entails.
The information in these resources is disorganized and shaped by each author's agenda. There is no obvious place to begin or path to follow when learning about Security-as-Code, and very little of the material is objective.
While we offer a Security-as-Code platform, we make a conscious effort to represent Security-as-Code honestly and optimistically for what it may be – not just what we deliver today.
For this reason, we decided to write a handbook. This page is your entry point to becoming an expert in Security-as-Code, whether you are just beginning your journey or are already familiar with the fundamentals.
The following chapters explore:
- Why Security-as-Code is a required evolution of Application Security.
- The characteristics a Security-as-Code solution should have, using Infrastructure-as-Code as a reference point.
- How these solutions change the economics of Application Security forever.