We use cookies to further personalise and enhance the user experience, conduct analytical research (for example, counting visits and traffic sources), place advertisements and contact third parties. Users can manage their cookie settings by clicking the "Choose your preferences" link.

Cookie policy
  • Security in Schibsted
  • expand_more

Application & Cloud Security

Security should not be an afterthought but continuously be part of all the phases of the Software Development Lifecycle (SDLC).

Security practices, e.g., Threat modelling, Secure design, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software composition analysis (SCA), and scanning for hard coded secrets in code, should be performed continuously. All findings should be evaluated, and action should be taken accordingly to service specific risk appetite.

Cloud resources must be protected and audited for security issues. Cloud security posture management (CSPM) and container security scanners must be in place.