Learning Library


Shift‑Left Security: Early Testing Benefits

Key Points

  • Discovering security flaws late in the SDLC often forces costly, time‑consuming rework that delays releases and disappoints users.
  • The traditional SDLC places testing (including security) after code is built, making it a reactive step that can miss critical vulnerabilities.
  • “Shift‑left” security moves security testing into the earlier development phases, enabling developers to catch and fix flaws as they code.
  • Integrating security early through DevSecOps fosters continuous collaboration among development, operations, and security teams, improving overall security, reducing expenses, and delivering higher‑quality software.

Full Transcript

Source: https://www.youtube.com/watch?v=vOpIbH4RQ70
Duration: 00:06:04

Sections

  • 00:00:00 (https://www.youtube.com/watch?v=vOpIbH4RQ70&t=0s) Shift‑Left Security to Prevent Late Fixes: The speaker outlines how discovering security vulnerabilities late in the SDLC causes costly delays and rework, and advocates embedding security testing early (shift‑left) to avoid these issues.
[0:00] So you just developed an application and you're ready to push forward in the market with production, but discover a major security vulnerability that causes you to go back and rework the code entirely. This could take days, weeks, or even months to fix, which in turn causes your deployment deadline to slip, increased costs to rework, and disappointed end users who are excited about this new app. So why did this happen, and how can you fix this moving forward?

[0:26] Hi, I'm Carolyn, and I'm a product marketing manager with Red Hat, and today we're going to be talking about shift-left security and why it's important for developers and IT professionals.

[0:34] When we think about shift-left security, it's important to think about the software development life cycle, or the SDLC. The SDLC is a framework that developers use to develop, deploy, and maintain their applications, and you can think of this as a line that goes from the left to the right. The left-hand side is all focused on coding and building the application software itself, so key activities here include planning the scope of the software, defining functional requirements, designing key parameters like the platform or the architecture, and building the software itself. So that is all covered on the left-hand side of the SDLC. The right-hand side is all focused on production, so key activities here include the testing phase, which includes security tests of the application; the deployment stage, so making the app available to its intended end users; and then lastly the maintenance stage, so constantly addressing different bugs and vulnerabilities that pop up.

[1:53] Traditionally, when looking at the SDLC, you can see that this testing phase comes after the code has already been built. The problem with this is that security flaws oftentimes go unnoticed within the SDLC process and in turn cause costly and complex rework later down the line. This makes it a very reactive approach.

[2:15] Enter shift-left security. Shift-left security is a concept that essentially moves this security testing phase over to the left-hand side of the software development life cycle, where the code is actually being built. This has become fundamental to modern software application development because, by doing so, developers can quickly identify the security flaws as soon as they come up, they can save vital time and resources and money, and they can ultimately create a higher quality end product.

[2:54] The idea of shift-left security builds upon the common concept of DevSecOps, in which developer teams, developer operations teams, are in close collaboration with security teams. It's important for DevOps and security teams to kind of share that responsibility of security across all departments so that they can ensure early and continuous security integration rather than leaving it as an afterthought.

[3:31] So let's go ahead and walk through some of the benefits of shift-left security.

[3:42] Security benefits. So the first benefit of shift-left security is obviously you're going to have better security overall of your application, so that is a huge benefit for both you and the end users. You can also ensure that you're delivering your apps faster, so you are making them available for the end users as soon as you say that you are. That's going to overall enhance their experience, and as the developer you will ensure that you are saving time and money while additionally reducing overhead costs, because you don't have to go back and rework the application as soon as you see those security vulnerabilities arise. The last benefit of shift-left security is that you are going to reduce overall delays in production.

[4:36] So that's a quick list for you. The bottom line is that nobody benefits when security policies are a mystery. It's important for developers to not only understand security policies but include remediation within their developer tasks so they can proactively address security risks.

[4:53] With shift-left security there are a variety of tools that developers can choose from to help strengthen their DevSecOps approach, one of which is Red Hat Advanced Cluster Security for Kubernetes, or ACS. ACS works with any Kubernetes environment, and it automates the DevSecOps best practices and integrates DevOps tools with security tools to secure workloads and shift security left. ACS is included within a grouping of tools at Red Hat called Red Hat Trusted Software Supply Chain, or TSSC, which helps organizations secure their workloads from the beginning of the software development life cycle rather than leaving it as an afterthought, as we discussed previously.

[5:45] If you want to learn more about these tools, Red Hat ACS and Trusted Software Supply Chain, along with additional resources around shift-left security and the DevSecOps approach, be sure to check out the links below. That's all I have for you for today. Thank you for listening, and we'll see you next time.