Secure Continuous Delivery
with Stuart Gunter
A common approach to security
Shortcomings of the common approach
Contextual threat modelling
What are we building?
What could go wrong?
What should we do about it?
Is it correct?
https://secure-delivery.playbook.ee/practices/build/stories-and-epics#iterative-and-incremental-threat-modelling
● Collaborative activity including delivery team and security
● Don’t get bogged down choosing the perfect method
● Detailed technical discussion
○ Varied security expertise is valuable here (SecOps, Red Teams, Pen Testers, Security Architects, etc.)
○ Enough detail to build the right thing, right
○ Generate testable requirements
● Shift security from rubber-stampers to SMEs
● Continued practice improves speed and proficiency
Automated security assurance
https://secure-delivery.playbook.ee/practices/build/security-in-the-pipeline#security-analysis-on-every-build
Security Tools
Security Tests
● Do not add any tools until you understand what you’re trying to achieve and how the tool works
● Validate security alongside feature delivery
● Threat modelling output should help drive security testing
● Combine security tools with custom tests
● Include app and infra security tests
● If a security control is critical enough to prevent you going live, prove that it works with every release
● Invest in policy-as-code
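As an added illustration of the points above (not part of the original slides), here is a small policy-as-code release gate in Python: each check is tied to a threat from the threat model, covers both app and infra evidence, and a failed critical check blocks the release. The threat names, thresholds and evidence values are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

MIN_HSTS_SECONDS = 15552000  # assumed threshold: 180 days
MIN_CERT_DAYS = 30           # assumed threshold: renew at least 30 days early

# Constructed evidence, as a pipeline stage might collect it from a staging
# deployment: response headers (keys lower-cased), certificate expiry, infra config.
EVIDENCE = {
    "headers": {"strict-transport-security": "max-age=31536000; includeSubDomains",
                "content-security-policy": "default-src 'self'"},
    "cert_not_after": datetime(2030, 3, 1, tzinfo=timezone.utc),
    "storage_public": False,
}

def hsts_enabled(ev, now):
    for part in ev["headers"].get("strict-transport-security", "").split(";"):
        name, _, val = part.strip().partition("=")
        val = val.strip().strip('"')
        if name.strip().lower() == "max-age" and val.isdecimal():
            return int(val) >= MIN_HSTS_SECONDS
    return False  # header missing or malformed: the control is not proven

def csp_present(ev, now):
    return bool(ev["headers"].get("content-security-policy", "").strip())

def cert_not_expiring(ev, now):
    return ev["cert_not_after"] - now >= timedelta(days=MIN_CERT_DAYS)

def storage_private(ev, now):
    return ev["storage_public"] is False

# (hypothetical threat from the threat model, blocks release?, check)
POLICIES = [
    ("T1 downgrade to plain HTTP", True, hsts_enabled),
    ("T2 outage from expired certificate", True, cert_not_expiring),
    ("T3 data exposed via public storage", True, storage_private),
    ("T4 injected script runs unrestricted", False, csp_present),
]

def evaluate(evidence, now):
    """Return (release_allowed, names of threats whose control failed)."""
    failed = [(t, crit) for t, crit, check in POLICIES if not check(evidence, now)]
    return not any(crit for _, crit in failed), [t for t, _ in failed]

if __name__ == "__main__":
    allowed, failures = evaluate(EVIDENCE, datetime.now(timezone.utc))
    for threat in failures:
        print("control failed:", threat)
    raise SystemExit(0 if allowed else 1)
```

Run as a pipeline step, the non-zero exit status stops the release; the same `evaluate` call can run on a schedule against production evidence to catch drift between releases.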
Learning from production
Unexpected configuration change (malicious or accidental)
Newly-discovered vulnerability
Temporal change (e.g. certificate expiry)
Technological progress (e.g. advances in browser security features)
Missing test
Invalid assumption
● Design a security feedback loop for production
● Combine techniques to maximise learning
○ Penetration testing
○ Vulnerability disclosure policy
○ Bug bounties
○ Chaos engineering
● The goal is to prevent security issues from reaching production, so use these exercises to improve earlier stages in the pipeline
https://secure-delivery.playbook.ee/practices/operate/security-testing-in-production
Continuous Delivery is a journey
Secure Delivery Playbook
https://secure-delivery.playbook.ee/