Azure DevSecOps JumpStart: 4-Week Proof Of Concept

Nous Infosystems Inc.

Azure DevSecOps Jumpstart by Nous is a consulting service for implementing security-driven automation capabilities, scripts and process templates to address end-to-end DevSecOps on Azure.

Nous takes a holistic view of security, with an expert-driven, tested framework covering micro-level security-aware coding practices, deployment topology, and continuous monitoring and alerting on security vulnerabilities or breaches in near real time. Evolved and tested over multiple iterations, Nous' DevSecOps artifacts evaluate and ensure security guidelines through static code analysis, tamper-proof deployment architecture, and validation through industry standards.

Features include:

  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Software Composition Analysis (SCA)
  • OWASP ZAP pipeline
  • Binary static analysis tool
  • Fully operational Web and Compute playbooks to deploy Azure Security Center & Web App Firewalls (WAFs)
  • Azure pipeline templates will be used to protect against:
      • SQL injection
      • Cross-site scripting
      • DDoS
      • Common web attacks such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion attacks
      • HTTP protocol violations and anomalies
      • Bots, crawlers, and scanners
      • Common application misconfiguration (e.g. Apache, IIS, etc.)
  • These templates can be used in a variety of deployment paradigms, including:
      • Azure Web Apps
      • IaaS – VM Web Apps
      • Azure Kubernetes Cluster
  • We also offer an exhaustive dashboard with alerts by integrating Azure Security Center, Monitor and Log Analytics for:
      • Automatic detection and remediation procedure
      • Security Center recommendations
      • Auditing and threat detection of SQL databases
      • Email / SMS alerts
      • Audit reports
  • Nous' templates in DevSecOps support Scaled Agile Framework (SAFe) as well.

Key Deliverables:

  • An Assessment Report post 3 days of onsite activities to understand processes
  • Identify and deliver a pilot project engagement within 3-4 weeks