Should you shift left or not?


Shifting left is now a popular trend in information security. Does that mean that you should hop on the bandwagon and tear your hair out just to shift your security left? No, it does not. Actually, in most cases, if you blindly jump on this bandwagon, you could be shooting yourself in the foot. Here’s why.

What is this shift left thing anyway?

Shift left is not a new term. It is not a web application security term. It is not even an information security term.

Shifting left means, basically, finding all types of software defects as early as possible. This applies to information security or web application security vulnerabilities, but it may just as well mean business logic defects that have nothing to do with security.
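As an added illustration of what "finding defects as early as possible" looks like in practice (example code, not from the original article or from Acunetix): a small scanner for hard-coded credentials that can be wired into a git pre-commit hook, so that this class of defect is reported before the code reaches the repository rather than during a late-stage security test. The rule set and the sample source file are constructed for the demonstration; a real deployment would use a maintained rule set.

```python
"""Minimal shift-left check: flag hard-coded credentials before commit.

Example code written for this article; the patterns and the sample input
below are constructed, not taken from any product or real code base.
"""
import re
import sys
from typing import Dict, List, Tuple

# Constructed, deliberately small set of credential shapes to look for.
SECRET_PATTERNS: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_password_assignment": re.compile(
        r"(?i)(password|passwd|pwd)\s*[=:]\s*['\"][^'\"]{8,}['\"]"
    ),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}

Finding = Tuple[str, int, str]  # (filename, line number, rule name)


def scan_lines(lines: List[str], filename: str = "<stdin>") -> List[Finding]:
    """Return one finding per (line, rule) match, in file order."""
    findings: List[Finding] = []
    for number, line in enumerate(lines, start=1):
        for rule_name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((filename, number, rule_name))
    return findings


def scan_files(paths: List[str]) -> List[Finding]:
    """Scan each file on disk; unreadable files are reported as findings so
    the hook fails closed instead of silently skipping them."""
    findings: List[Finding] = []
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="replace") as handle:
                findings.extend(scan_lines(handle.read().splitlines(), path))
        except OSError:
            findings.append((path, 0, "unreadable_file"))
    return findings


def hook_exit_code(findings: List[Finding]) -> int:
    """Non-zero exit makes git abort the commit, which is the whole point:
    the defect is caught at the earliest stage, by the developer."""
    return 1 if findings else 0


# Constructed sample of what a staged source file might contain.
SAMPLE_SOURCE = """\
import boto3

AWS_KEY = "AKIAEXAMPLEEXAMPLE00"   # constructed access key id shape
db_password = "correct-horse-battery"
client = boto3.client("s3")
"""


def main(argv: List[str]) -> int:
    # A pre-commit hook wrapper would pass the staged paths, e.g. the output
    # of: git diff --cached --name-only --diff-filter=ACM
    if argv:
        findings = scan_files(argv)
    else:
        findings = scan_lines(SAMPLE_SOURCE.splitlines(), "app.py")
    for filename, number, rule in findings:
        print(f"{filename}:{number}: possible secret ({rule})")
    return hook_exit_code(findings)


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run with no arguments to scan the embedded sample; run with file paths to scan staged files. The non-zero exit status is what turns the scanner into a shift-left control: the same check run only at release time would find the same lines, but weeks later and after the secret had already been pushed.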

Why this strange combination of words? Well, diagrams of the software development process usually run from left to right, where on the left you have the earliest stages of development and on the right you have the release. Therefore, moving the testing phase towards the earlier stages is, on the diagram, the same as shifting a box from right to left.

The term was coined all the way back in 2001, just before Acunetix was born. It was first used in an article by Larry Smith in Dr. Dobb’s Journal. As Larry Smith wrote, “shift-left testing is how I refer to a better way of integrating the quality assurance (QA) and development parts of a software project.”

The ideology of shifting left goes very much in line with agile development practices. In the case of such methodologies, QA is included in the development process, not just pushed back to the late ..
