Previous part https://medium.com/@ahmad.aabed/devsecops-stating-the-obvious-14b53a36b53f

I am still stating the obvious when it comes to DevSecOps 😄

Review your tools

Nowadays it is super easy to add a new tool to your stack.

Log in with GitHub and there you go, you have a tool for code quality and coverage. Grant it access to AWS and there you go, you have a tool for billing analysis.

While those tools are really helpful, you should always ask yourself:

  • Who are the creators of the tool, and what is their reputation?
  • What is the minimal access the tool can work with?
  • What if the creators are malicious?
  • What if the creators have a malicious internal…
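One way to turn the "minimal access" question into a check you can run before clicking "allow" on that AWS billing tool. This is an added example, not code from the original post: it audits the IAM trust policy and permissions policy you would hand to a third-party vendor, flagging a trust policy that lets any AWS account assume the role or that lacks an `sts:ExternalId` condition (the confused-deputy case), and any permission beyond a read-only billing allowlist. The vendor account ID, the ExternalId, the allowlist and both sample policies are constructed assumptions, not real values.

```python
"""Audit the IAM policies handed to a third-party tool (added example).

The checks answer two of the questions above: is the access really minimal,
and is the cross-account role locked to the vendor's own account plus a
per-customer ExternalId, so another customer of that vendor cannot trick the
vendor into assuming your role. Account IDs, ExternalId and the allowlist
below are assumptions for illustration, not values from the original post.
"""
import json
from typing import Iterable

# Assumption: the only actions a billing-analysis tool legitimately needs.
BILLING_READ_ONLY = {
    "ce:GetCostAndUsage",
    "ce:GetCostForecast",
    "cur:DescribeReportDefinitions",
    "organizations:ListAccounts",
}


def _as_list(value):
    """IAM allows Action/Principal fields to be a string or a list; normalise."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(trust: dict) -> list[str]:
    """Findings for the role's AssumeRole trust policy."""
    findings = []
    for stmt in trust.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if "*" in aws:
            findings.append("trust: Principal allows any AWS account")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in cond:
            findings.append("trust: no sts:ExternalId condition (confused deputy)")
    return findings


def audit_permissions_policy(policy: dict, allowed: Iterable[str]) -> list[str]:
    """Findings for the permissions policy attached to the role."""
    allowed = set(allowed)
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"permissions: wildcard action {action!r}")
            elif action not in allowed:
                findings.append(f"permissions: {action!r} not needed by a billing tool")
    return findings


def audit_third_party_role(trust: dict, policy: dict,
                           allowed: Iterable[str] = BILLING_READ_ONLY) -> list[str]:
    """All findings for one vendor role; an empty list means it passed."""
    return audit_trust_policy(trust) + audit_permissions_policy(policy, allowed)


# Constructed sample: what "allow access to AWS" often looks like in practice.
LOOSE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
LOOSE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["ce:*", "s3:GetObject"], "Resource": "*"}]}

# Constructed sample: the same tool with least privilege. 111122223333 and the
# ExternalId are placeholders for the vendor account and the per-customer secret.
TIGHT_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "c0ffee-per-customer-id"}}}]}
TIGHT_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": sorted(BILLING_READ_ONLY), "Resource": "*"}]}


if __name__ == "__main__":
    for name, trust, policy in [("loose", LOOSE_TRUST, LOOSE_POLICY),
                                ("tight", TIGHT_TRUST, TIGHT_POLICY)]:
        print(name, json.dumps(audit_third_party_role(trust, policy), indent=2))
```

The loose pair produces four findings (open principal, missing ExternalId, the `ce:*` wildcard and the unrelated `s3:GetObject`); the tight pair produces none. Cost Explorer actions only accept `Resource: "*"`, which is why the check does not flag the resource field; for tools that touch S3, EC2 or IAM you would extend it to require scoped ARNs.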


I am not sure if it’s wise to use the term DevSecOps or not, but why not 😃

I will be sharing some of the very obvious practices to secure modern infrastructure, you know (AWS, CI servers, Kubernetes, Docker, etc.), all the new cool stuff 😃

Why am I stating the obvious? Because people in our industry are forgetful, lazy, greedy and wishful.

Let me start with one of my favorite quotes about threat modeling:

“Threat modeling is really important, because if you’re not threat modeling and you’re making security decisions, you’re really throwing things at the wall and hoping for the best.” …

Ahmad Aabed
