Expanding Depth and Breadth of Security and Training Content and Integrations
To provide a good customer experience, all organizations must strive for a Security by Default end state: “products that are secure to use out of the box.” Releasing products with vulnerabilities puts customer data at risk. Threat actors having access to personally identifiable information will do irreparable harm to customers. The burden of putting strong security measures in place (i.e. strong passwords or multi-factor authentication) should not fall upon your customers.
To achieve the Security by Default end state, organizations must adopt a Security by Design approach. Security by Design is the philosophy of ensuring that systems are built securely from the very beginning of the development process. However, implementing Security by Design is not a one-size-fits-all solution, as organizations, departments, and teams all have different needs. The right solution to adopt or optimize your Security by Design approach must address your organization’s current needs, integrate with your existing tech stack, and reduce the number of security requirements your developers have to address.
Security Compass, the Security by Design company, has developed two developer-centric solutions, SD Elements and Application Security Training (formerly eLearning), which allow organizations to embed product security early on in the development process. Both solutions enable organizations, departments, and teams to release secure code faster through training, automatically identifying and prioritizing software threats, recommending countermeasures, and reducing the risk of insecure design.
With the release of SD Elements 2023.2, Security Compass is making Security by Design easier than ever for software development teams. New features now available in SD Elements 2023.2 include:
- Improvements to the SD Elements survey
- New and updated security content
- Enhanced user lifecycle management experience
- New and updated Just-In-Time-Training (JITT) modules and Application Security Training courses
Survey Enhancements
The SD Elements survey is the most essential aspect of a threat model. To create a complete threat model, the survey can require collaboration amongst multiple users across teams, depending on the complexity of the system. Prior to the 2023.2 release, it was challenging for users to identify what changes had been made. For the stakeholder who is responsible for submitting the survey, there was no ability to review the changes.
With the 2023.2 release, any changes made in the survey will now be highlighted. When the owner is ready to submit the survey, they will be directed to a confirmation page where they will have the opportunity to review all the changes. This update will reduce the time spent reviewing survey answers.
User Lifecycle Management Enhancements
It is the responsibility of the SD Elements administrator to oversee the user lifecycle management experience. In previous releases, we addressed onboarding by adding the ability to import groups and roles from identity providers into SD Elements. However, this feature only worked via API and not directly within the SD Elements user interface (UI). Reactivating suspended users was also a challenge prior to this release. If an identity provider does not allow for scheduled reactivation, then this must happen manually within SD Elements, which is a labor-intensive process.
With the SD Elements 2023.2 release, SD Elements is enhancing the onboarding experience and automating the reactivation of inactive users. The new onboarding experience allows organizations to leverage SD Elements’ current Single Sign-On (SSO) authentication, extending SD Elements SAML configurations via UI to provide the ability to map Identity Provider (IdP) groups to SD Elements group(s) and map IdP roles to SD Elements roles. With scheduled reactivation, SD Elements administrators can set a date to activate a suspended user’s identity. Once the date arrives, the user will automatically be granted access to SD Elements.
New Security Content
SD Elements 2023.2 now provides the following security content library updates:
- ISO 21434 (Automotive Industry): New developer-centric recommendations and out of the box countermeasures for how to satisfy ISO 21434 requirements
- OWASP IoT Top 10: New and updated developer-centric recommendations for how to address the most common security risks that can make IoT devices vulnerable
- OWASP Privacy Top 10: New OWASP Privacy Top 10 report and developer-centric recommendations and countermeasures based on the OWASP Privacy Top 10 Project
Just-in-Time-Training (JITT) Updates
Just-in-Time Training micromodules have been updated in SD Elements 2023.2 for Defending Node.js and Defending Java. For a complete list of the 800+ JITT micromodules now available within SD Elements, please see Security Compass’ Training Curriculum. (If you are a current SD Elements customer but do not currently have a JITT subscription and would like to learn more, please contact Customer Success or Book a Demo.)
Application Security Training Courses
The following Security Compass Application Security Training courses are now available:
- Defending Node.js
- Defending Java
To learn more about these courses, as well as the 40+ other Application Security Training courses covering application security, operational security, compliance, and general awareness, please visit the Application Security Training page.
Learn More
Security Compass, the Security by Design company, helps organizations who develop software save time and money and reduce cyber risks through education and by taking an automated, developer-centric approach to software threat modeling, secure development, and compliance. This approach enables software developers and security teams to:
- Understand best practices for embedding product security
- Continuously model threats at scale
- Proactively write code that significantly reduces risks and remediation costs
- Demonstrate compliance with secure software development standards more easily
- Accelerate software time to market
If you are a current SD Elements customer, please reach out to your Customer Success Manager to learn more.
If you are new to SD Elements, request a demo to learn more.