


I've recently begun to look into using a service called If This Then That (IFTTT). The premise of the service is that it has a Trigger upon which you can perform an Action. For example, if the forecast is for it to rain tomorrow, then it can remind you to take your umbrella. All of these actions and responses are accomplished via what IFTTT terms an Applet. There are many, many Applets available from several vendors, but one can create their own Applets as well.

It then dawned on me that, from a security perspective, it can fulfill a great role in the security aspect of one's SDLC. Security in an SDLC often has several measures that, when not met, "trigger" some form of result/action. Say, for example, we have a web app scan, and it finds an XSS vulnerability. We would then file a bug, notify the relevant development team, and, depending on the severity, may even block the release.

With the whole move of software development to a Continuous Integration / Continuous Delivery (CI/CD) model, everything in the SDLC has to become a lot more automated. In the above example, the web-based scan would need to be included in the build process, run before deployment and, most importantly, happen in an autonomous fashion.

This is where I think IFTTT can come into great use! Using the above example, the Trigger would become a finding from the scan. Based on this we can have several Actions:

Send out a notification (it doesn't even have to be an email, it could even be a notification to some Slack channel for example).
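The scan-finding Trigger and the notify/block Actions described in this post can be wired into a build step roughly as follows. This is an added example, not code from the original post: the finding format, the `scan_finding` event name and the key placeholder are assumptions, and the Applet that turns the webhook into a Slack message or bug is assumed to be configured on the IFTTT side.

```python
import json
import urllib.request

# IFTTT Webhooks trigger endpoint. The key is a secret: load it from the CI
# secret store in real use and never log the full URL.
IFTTT_URL = "https://maker.ifttt.com/trigger/{event}/with/key/{key}"
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample scanner output (hypothetical format, not from a real tool).
SAMPLE_FINDINGS = [
    {"id": "F-1", "type": "XSS", "severity": "high", "url": "/search?q="},
    {"id": "F-2", "type": "Missing header", "severity": "low", "url": "/"},
]

def build_trigger(finding, event="scan_finding", key="IFTTT_KEY_PLACEHOLDER"):
    """Map one finding (the Trigger) onto a Webhooks request for an Applet."""
    url = IFTTT_URL.format(event=event, key=key)
    # The Webhooks service passes value1..value3 through to the Applet's Action.
    body = {"value1": finding["type"], "value2": finding["severity"],
            "value3": finding["url"]}
    return url, body

def post_json(url, body):
    """Default sender: POST the JSON body to IFTTT."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

def gate(findings, block_at="high", send=post_json):
    """Fire one trigger per finding; return (sent_bodies, blocking_ids)."""
    sent, blocking = [], []
    for f in findings:
        # Unknown severity is treated as critical so the gate fails closed.
        rank = SEVERITY_RANK.get(f["severity"].lower(), SEVERITY_RANK["critical"])
        url, body = build_trigger(f)
        send(url, body)
        sent.append(body)
        if rank >= SEVERITY_RANK[block_at]:
            blocking.append(f["id"])
    return sent, blocking

if __name__ == "__main__":
    # Dry run: swap in a no-op sender so nothing leaves the build host.
    sent, blocking = gate(SAMPLE_FINDINGS, send=lambda url, body: None)
    print(f"{len(sent)} notifications, blocking findings: {blocking}")
    raise SystemExit(1 if blocking else 0)  # non-zero exit blocks the release
```

Run as a pipeline step after the scan, the non-zero exit code is what stops the deployment, while the notification itself is left to the Applet.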
