Checklist
Product Security
- Vulnerability Management Program
- Secrets Management
- Responsible Vulnerability Disclosure
- Secure coding training
- Security Champions
- Threat Modeling
- Code Review Process
- Pentests
- Secure Defaults
- Standard Container Images
- Supply Chain Policy & Management
Endpoint Security
Governance, Risk and Compliance
- Vendor Onboarding
- Systems Criticality
- SLAs/OLAs Definition
- Asset Inventory
- Risk Management Framework
- Incident Management Framework
- Data Protection
- Business Continuity and Disaster Recovery
- Policies
- Security Trainings
- Tabletop Exercises and Simulations
- Compliance and Certifications
Infra & Cloud
- WAF, DDoS & Bot Protection
- Secure Resource provisioning
- Data Encryption and Key Management process
- Secure Guardrails
- Cloud-native application protection platforms (CNAPP)
- Infrastructure Scanning & Monitoring
- Honey Tokens
- Monitoring
DevSecOps
- SAST scans
- DAST scans
- Secret scans
- SCA scans
- Container Scanning
- Secure deployments
- SBOMs
- Secure the SCM Platform
Identity & Access Management
- Access Management
- SSO
- MFA
- Zero Trust Network
- Password Manager
Secure Operations
- Threat Detection & Response (TDR)
- Incident Response
General OpSec
- Brand Protection
- Invariants monitoring
- Confirmation for Sensitive Operations
- Delegate Security Remediation
AI