The security of our web applications plays a huge role in the success of our federal enterprise websites and their continuous improvements and updates. The recent cyberattacks prompted the Biden Administration to issue Executive Order 14028, aimed at improving the nation's cybersecurity posture and, with that, the push to shape a new revision of the Secure Software Development Framework (SSDF) by NIST. The process of requesting authorization to perform security testing on production sites can take a long time and is much riskier than testing locally.
In this session, we will cover the SSDF framework around our Drupal projects and how we can use the OWASP ZAP tool, an open-source web application security scanner, to test our web applications locally before we push code to production. In this session, you will learn:
- Why cybersecurity should be an integral part of new features development planning
- What are some best practices to implement when we create digital experiences
- What tools can be used to help us audit cybersecurity on websites
- How can this help your ATO (Authorization to Operate) process for federal websites