International Medical Device Supplier

With HIPAA as the business driver, we had to build Application Security (AppSec) into the existing DevOps of an acquired company. This included, but was not limited to:

  • Create procedures and establish protocols to prevent ePHI from being written to the log files.
  • Create procedures and establish protocols to anonymize the data in the databases of the lower environments.
  • Establish a baseline of the security posture of the application, using SAST and SCA.
  • Write policies, procedures, and protocols to integrate Application Security into the SDLC.
  • Define application security requirements, perform application security assessments, and provide developers with remediation guidance and advice.