Azure DevSecOps JumpStart: 4-Week Proof Of Concept

Nous has a holistic view of security with an expert driven, tested framework for micro level security aware coding practices, deployment topology, continuous monitoring and alerts of security vulnerabilities or breaches near real time. Evolved and tested over multiple iterations, Nous’ DevSecOps artifacts evaluates and ensures security guidelines through static code analysis, tamper proof deployment architecture, validation through industry standards.

Features include:

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Software Composition Analysis (SCA)

OWASP ZAP pipeline

Binary static analysis tool

Fully operational Web and Compute playbooks to deploy Azure Security Center & Web App Firewalls (WAFs)

Azure pipeline templates will be used to protect against,

SQL injection

Cross-site scripting

DDoS

Common web attacks such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion attack

HTTP protocol violations and anomalies

Bots, crawlers, and scanners

Common application misconfiguration (i.e. Apache, IIS, etc.)

These templates can be used in a variety of deployment paradigms including,

Azure Web Apps

IaaS – VM Web Apps

Azure Kubernetes Cluster

We also offer an exhaustive dashboard with alerts by integrating Azure Security Center, Monitor and Log Analytics for,

Automatic detection and remediation procedure

Security center recommendations

Auditing and threat detection of SQL databases

Email / SMS alerts

Audit Reports

Nous' templates in DevSecOps support Scaled Agile Framework (SAFe) as well.

##Key Deliverables: * An Assessment Report post 3 days of onsite activities to understand processes, * Identify and deliver a pilot project engagement within 3-4 weeks.