behavior, and other elements. Testing from the outside-in 3. Dependency Scanning – inventory the dependencies for vulnerabilities or malicious binaries 4. Source code integrity and code signing – all contributors our business logic. We inherit the vulnerabilities of these 3rd party components ii. Examine dependencies for known vulnerabilities and consolidate multiple versions of the same library iii. 2014 Verizon

iii. Everything, everything, everything is checked into version control 1. Application code & dependencies 2. Environment scripts & creation tools 3. DB scripts and reference data 4. Containers 5. build & tests to run all time, independent of developers 2. Segregated processes so we know the dependencies – eliminates “worked on my machine” 3. Package the application to enable repeatable installation