# SEC 11. How do you incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle?
<a name="sec-11"></a>

Training people, testing using automation, understanding dependencies, and validating the security properties of tools and applications help to reduce the likelihood of security issues in production workloads.

**Topics**
+ [SEC11-BP01 Train for application security](sec_appsec_train_for_application_security.md)
+ [SEC11-BP02 Automate testing throughout the development and release lifecycle](sec_appsec_automate_testing_throughout_lifecycle.md)
+ [SEC11-BP03 Perform regular penetration testing](sec_appsec_perform_regular_penetration_testing.md)
+ [SEC11-BP04 Conduct code reviews](sec_appsec_manual_code_reviews.md)
+ [SEC11-BP05 Centralize services for packages and dependencies](sec_appsec_centralize_services_for_packages_and_dependencies.md)
+ [SEC11-BP06 Deploy software programmatically](sec_appsec_deploy_software_programmatically.md)
+ [SEC11-BP07 Regularly assess security properties of the pipelines](sec_appsec_regularly_assess_security_properties_of_pipelines.md)
+ [SEC11-BP08 Build a program that embeds security ownership in workload teams](sec_appsec_build_program_that_embeds_security_ownership_in_teams.md)