Practice shift-left security vocabulary: moving security earlier in the SDLC, security champion programmes, developer security training, security by design, and threat modeling in sprints.
1 / 5
What does 'shift left security' mean?
Shift-left security means moving security activities from the end of the SDLC (where fixing issues is expensive) to the beginning — threat modeling in design, SAST in CI, and security training for developers. Fixing a vulnerability at design costs 100x less than fixing it in production.
2 / 5
What is a 'security champion programme'?
Security champions are developers within product teams who receive additional security training and act as the first line of security advice for their team. The programme scales security expertise without requiring a dedicated security engineer on every team.
3 / 5
'Security by design' means:
Security by design treats security as a foundational architectural requirement, not an add-on. Systems designed with security in mind from day one have fewer vulnerabilities than systems where security was bolted on after the fact.
4 / 5
A team says 'we do ___ modeling as part of sprint planning.' What word fits?
Threat modeling as part of sprint planning means that before implementing a new feature, the team identifies potential threats, attack vectors, and security requirements. This is the practical implementation of shift-left security at the sprint level.
5 / 5
Which statement best describes 'developer security training' in a DevSecOps context?
Effective developer security training is role-specific, continuous, and practical. It covers topics like SQL injection prevention, secure authentication patterns, and how to interpret SAST findings — empowering developers to write secure code from the start.