{"id":44153,"date":"2022-09-15T13:47:04","date_gmt":"2022-09-15T17:47:04","guid":{"rendered":"https:\/\/www.andysowards.com\/blog\/?p=44153"},"modified":"2022-09-15T13:47:05","modified_gmt":"2022-09-15T17:47:05","slug":"going-pro-a-secure-development-pipeline-for-your-web-applications","status":"publish","type":"post","link":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/","title":{"rendered":"Going Pro: a Secure Development Pipeline for Your Web Applications"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">What is Web Application Security?&nbsp;<\/h2>\n\n\n\n<p>Web application security enables you to build websites that function as intended, even when under attack. It involves engineering various security controls into the web application to protect its assets from potential threat actors.&nbsp;<\/p>\n\n\n\n<p>All web applications contain defects that threat actors can exploit to launch attacks. Web application security helps protect against these threats by applying secure development practices and security controls across the entire software development life cycle (SDLC). The goal is to address design flaws and implementation bugs as early as possible.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is Continuous Delivery?&nbsp;<\/h2>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Continuous Delivery Pipelines: How to Build Better Software Faster \u2022 Dave Farley \u2022 GOTO 2021\" width=\"500\" height=\"281\" data-src=\"https:\/\/www.youtube.com\/embed\/MYVrLXKJp0Y?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" data-load-mode=\"1\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p><a href=\"https:\/\/codefresh.io\/learn\/continuous-delivery\/\" target=\"_blank\" rel=\"noreferrer noopener\">Continuous delivery processes<\/a> automatically prepare code changes for a production release. It is a pillar of modern application development that expands on continuous integration to deploy all code changes to a testing environment and a production environment after the build phase. It produces a deployment-ready build artifact that has passed a test process.&nbsp;<\/p>\n\n\n\n<p>Continuous delivery enables you to automate testing beyond unit tests to verify application updates across several areas before releasing a product to customers. Common tests include user interface (UI) testing, integration testing, load testing, and API reliability testing. It helps validate updates more thoroughly and identify issues.&nbsp;<\/p>\n\n\n\n<p>Here are notable benefits of continuous delivery:<\/p>\n\n\n\n<ul><li><strong>Simplicity<\/strong>\u2014continuous delivery enables you to spend less time preparing your code for release, and you do not have to bundle several individual changes together for a large release. Instead, you can continuously release and update code in small increments.<\/li><li><strong>Faster debugging<\/strong>\u2014continuously delivering small releases helps quickly identify bugs in new code. If you find a bug in code deployed to production, you can isolate it to one of the previous incremental updates, fix the issue, test it, redeploy it, and then receive feedback on the fix.<\/li><li><strong>Faster development cycles<\/strong>\u2014continuous delivery facilitates faster application iterations, ensuring many developers can collaborate at different times without putting other projects at risk. If one iterative process becomes unmanageable due to project complexity, continuous ensures you can get back to smaller, more frequent releases that are more predictable, manageable, and reliable.<\/li><\/ul>\n\n\n\n<p>Unlike on-premises testing, cloud vendors offer cost-effective and simple ways to automate the creation and replication of several testing environments.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">DevSecOps: Secure Your Web Apps throughout the SDLC&nbsp;<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><a href=\"https:\/\/medium.com\/quick-code\/how-to-secure-web-apps-a-web-app-security-checklist-bb27cf049d1d\" target=\"_blank\" rel=\"noreferrer noopener\"><img decoding=\"async\" data-src=\"https:\/\/www.andysowards.com\/blog\/assets\/How-to-Secure-Web-Apps-\u2014-A-Web-App-Security-Checklist.jpg\" alt=\"\" class=\"wp-image-44156 lazyload\" width=\"845\" height=\"634\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 845px; --smush-placeholder-aspect-ratio: 845\/634;\" \/><\/a><figcaption><em>How to Secure Web Apps \u2014 A Web App Security Checklist<\/em><\/figcaption><\/figure>\n\n\n\n<p>In the past, development teams implemented security at the end of the SDLC after the product was complete. As a result of this siloed approach to security, the project had to undergo expensive security mitigation efforts or was released with critical security vulnerabilities. This approach puts customers, developers, and all stakeholders at risk.<\/p>\n\n\n\n<p>DevSecOps is a software development methodology that unites three main functions\u2014development (Dev), security (Sec), and IT operations (Ops). This collaborative work results in a continuous workflow incorporating security across the entire SDLC.<\/p>\n\n\n\n<p>Here is the typical DevSecOps workflow:<\/p>\n\n\n\n<ul><li><strong>Development<\/strong>\u2014the team develops products within a version control system.<\/li><li><strong>Analysis<\/strong>\u2014a team member is responsible for analyzing all changes in the application, considering the component\u2019s security weaknesses, the code\u2019s quality, and possible bugs.<\/li><li><strong>Configuration<\/strong>\u2014the team deploys the application with security configurations.<\/li><li><strong>Testing<\/strong>\u2014a DevSecOps team must automate application testing to check the back end, integration, user interface (UI), and security areas.<\/li><li><strong>Deployment<\/strong>\u2014once an application passes the testing phase, it can move to a production environment.<\/li><li><strong>Monitoring<\/strong>\u2014deployment is not the end of the process. DevSecOps implement various monitoring measures to achieve continuous visibility into the application\u2019s performance, security, and behavior in the production environment.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security Testing Tools for DevSecOps Teams<\/h3>\n\n\n\n<p>There is no secret formula for implementing security across the SDLC. A mature application security programs typically combine various measures with the relevant tools at the suitable point in the SDLC and automate as many processes as possible.&nbsp;<\/p>\n\n\n\n<p>DevSecOps typically leverage static <a href=\"https:\/\/www.mend.io\/resources\/blog\/best-sast-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">application security testing (SAST) tools<\/a> to automatically check their source code for vulnerabilities and security issues, and <a href=\"https:\/\/brightsec.com\/blog\/dast-dynamic-application-security-testing\/\" target=\"_blank\" rel=\"noreferrer noopener\">dynamic application security testing (DAST)<\/a> to find vulnerabilities external actors can use to attack the application.&nbsp;<\/p>\n\n\n\n<p>As the security landscape constantly changes, it is critical to implement tools that provide continuous visibility and a high level of automation. Ideally, your DevSecOps security stack provides coverage across all SDLC phases, so you can fix issues early when it is easier and more cost-effective to remediate.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Implement Security for all SDLC Phases<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.smashingmagazine.com\/2017\/04\/secure-web-app-http-headers\/\" target=\"_blank\" rel=\"noreferrer noopener\"><img decoding=\"async\" width=\"1024\" height=\"683\" data-src=\"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC-1024x683.jpg\" alt=\"\" class=\"wp-image-44157 lazyload\" data-srcset=\"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC-1024x683.jpg 1024w, https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC-768x512.jpg 768w, https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC-1536x1024.jpg 1536w, https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC-2048x1366.jpg 2048w\" data-sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/683;\" \/><\/a><figcaption><em>How To Secure Your Web App With HTTP Headers<\/em><\/figcaption><\/figure>\n\n\n\n<p>DevSecOps requires prioritizing application security during each phase of the SDLC. Here are notable best practices to consider:<\/p>\n\n\n\n<p><strong>1. Training<\/strong>&nbsp;<\/p>\n\n\n\n<p>All parties involved in the SDLC must receive basic security training and regular updates on security best practices. The goal is to foster a security culture that continuously maintains security according to well-established standards and policies.<\/p>\n\n\n\n<p><strong>2. Requirements<\/strong>&nbsp;<\/p>\n\n\n\n<p>If you collect and store sensitive customer data, you must comply with data privacy and security regulations. It typically involves encrypting data in transit and at rest across all SDLC phases and implementing additional, applicable requirements.&nbsp;<\/p>\n\n\n\n<p><strong>3. Design<\/strong>&nbsp;<\/p>\n\n\n\n<p>After you investigate the relevant regulatory requirements concerning security, you must create an architecture corresponding to software and security requirements. It involves identifying and planning the necessary security controls as part of the application design process.<\/p>\n\n\n\n<p><strong>4. Implementation<\/strong>&nbsp;<\/p>\n\n\n\n<p>You must obtain security feedback while coding as often and early as possible. Since this phase is typically the most labor-intensive, you should run continuous automated security assessments that provide the information needed to address issues in near real-time.<\/p>\n\n\n\n<p><strong>5. Quality assurance<\/strong>&nbsp;<\/p>\n\n\n\n<p>You should test new code before deploying it to production to ensure it functions as intended. You can test for functional requirements as well as security requirements. DevSecOps teams never skip over security testing at this stage.<\/p>\n\n\n\n<p><strong>6. Production<\/strong>&nbsp;<\/p>\n\n\n\n<p>The deployment phase must include continuous testing to maintain security assurance and protect the application. Since each update to a production application can potentially introduce flaws, you must subject code updates to production and source testing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>In this article, I explained the basics of application security and modern CI\/CD pipelines, and showed the essential steps for creating a secure software development lifecycle:<\/p>\n\n\n\n<ol><li>Training development staff on security best practices<\/li><li>Adding security considerations to requirements and planning<\/li><li>Ensuring software design and architecture follows security best practices<\/li><li>Taking care of security during software implementation<\/li><li>Performing rigorous quality assurance with automated security testing<\/li><li>Testing and monitoring applications for security issues in production<\/li><\/ol>\n\n\n\n<p>I hope this will help you level up your web application security program.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is Web Application Security?&nbsp; Web application security enables you to build websites that function as intended, even when under attack. It involves engineering various security controls into the web<\/p>\n","protected":false},"author":1,"featured_media":44157,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"footnotes":""},"categories":[537,109,4206],"tags":[9524,5891,5885,483,988,20,15550,15548,177,13082,5937,5879,21,115,272,5890,10099,15549,7859],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Going Pro: a Secure Development Pipeline for Your Web Applications<\/title>\n<meta name=\"description\" content=\"What is Web Application Security?&nbsp; Web application security enables you to build websites that function as intended, even when under attack. It\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Going Pro: a Secure Development Pipeline for Your Web Applications\" \/>\n<meta property=\"og:description\" content=\"What is Web Application Security?&nbsp; Web application security enables you to build websites that function as intended, even when under attack. It\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/\" \/>\n<meta property=\"og:site_name\" content=\"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/facebook.com\/andysowardsfan\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-15T17:47:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-15T17:47:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Andy Sowards\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@andysowards\" \/>\n<meta name=\"twitter:site\" content=\"@andysowards\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andy Sowards\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/\",\"url\":\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/\",\"name\":\"Going Pro: a Secure Development Pipeline for Your Web Applications\",\"isPartOf\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC.jpg\",\"datePublished\":\"2022-09-15T17:47:04+00:00\",\"dateModified\":\"2022-09-15T17:47:05+00:00\",\"author\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415\"},\"description\":\"What is Web Application Security?&nbsp; Web application security enables you to build websites that function as intended, even when under attack. It\",\"breadcrumb\":{\"@id\":\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#primaryimage\",\"url\":\"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC.jpg\",\"contentUrl\":\"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC.jpg\",\"width\":2560,\"height\":1707},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.andysowards.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Going Pro: a Secure Development Pipeline for Your Web Applications\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/#website\",\"url\":\"https:\/\/www.andysowards.com\/blog\/\",\"name\":\"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards\",\"description\":\"Design Inspiration &amp; Business Resources for Creatives\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.andysowards.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415\",\"name\":\"Andy Sowards\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg\",\"caption\":\"Andy Sowards\"},\"description\":\"Im a professional Freelancer specializing in Web Developer, Design, Programming web applications. Im an Avid member of the Design\/Development community and a Serial Blogger. follow me on Twitter @AndySowards\",\"sameAs\":[\"https:\/\/www.andysowards.com\"],\"url\":\"https:\/\/www.andysowards.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Going Pro: a Secure Development Pipeline for Your Web Applications","description":"What is Web Application Security?&nbsp; Web application security enables you to build websites that function as intended, even when under attack. It","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/","og_locale":"en_US","og_type":"article","og_title":"Going Pro: a Secure Development Pipeline for Your Web Applications","og_description":"What is Web Application Security?&nbsp; Web application security enables you to build websites that function as intended, even when under attack. It","og_url":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/","og_site_name":"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards","article_publisher":"http:\/\/facebook.com\/andysowardsfan","article_published_time":"2022-09-15T17:47:04+00:00","article_modified_time":"2022-09-15T17:47:05+00:00","og_image":[{"width":2560,"height":1707,"url":"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC.jpg","type":"image\/jpeg"}],"author":"Andy Sowards","twitter_card":"summary_large_image","twitter_creator":"@andysowards","twitter_site":"@andysowards","twitter_misc":{"Written by":"Andy Sowards","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/","url":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/","name":"Going Pro: a Secure Development Pipeline for Your Web Applications","isPartOf":{"@id":"https:\/\/www.andysowards.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#primaryimage"},"image":{"@id":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#primaryimage"},"thumbnailUrl":"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC.jpg","datePublished":"2022-09-15T17:47:04+00:00","dateModified":"2022-09-15T17:47:05+00:00","author":{"@id":"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415"},"description":"What is Web Application Security?&nbsp; Web application security enables you to build websites that function as intended, even when under attack. It","breadcrumb":{"@id":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#primaryimage","url":"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC.jpg","contentUrl":"https:\/\/www.andysowards.com\/blog\/assets\/devsecops-secure-application-development-as-you-go-SDLC.jpg","width":2560,"height":1707},{"@type":"BreadcrumbList","@id":"https:\/\/www.andysowards.com\/blog\/2022\/going-pro-a-secure-development-pipeline-for-your-web-applications\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.andysowards.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Going Pro: a Secure Development Pipeline for Your Web Applications"}]},{"@type":"WebSite","@id":"https:\/\/www.andysowards.com\/blog\/#website","url":"https:\/\/www.andysowards.com\/blog\/","name":"Daily Business Resources for Entrepreneurs, Web Designers, &amp; Creatives by Andy Sowards","description":"Design Inspiration &amp; Business Resources for Creatives","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.andysowards.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/2e0f72bd7f6497fd883e2bd67d9f3415","name":"Andy Sowards","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.andysowards.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/15f95b011563b5894883b22bd4b32d59?s=96&r=pg","caption":"Andy Sowards"},"description":"Im a professional Freelancer specializing in Web Developer, Design, Programming web applications. Im an Avid member of the Design\/Development community and a Serial Blogger. follow me on Twitter @AndySowards","sameAs":["https:\/\/www.andysowards.com"],"url":"https:\/\/www.andysowards.com\/blog\/author\/admin\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts\/44153"}],"collection":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/comments?post=44153"}],"version-history":[{"count":2,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts\/44153\/revisions"}],"predecessor-version":[{"id":44158,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/posts\/44153\/revisions\/44158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/media\/44157"}],"wp:attachment":[{"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/media?parent=44153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/categories?post=44153"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.andysowards.com\/blog\/wp-json\/wp\/v2\/tags?post=44153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}