https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/SC-100/page_112_img_2.jpg

Threat modeling is a security activity performed early in the SDLC to identify and mitigate design-level threats, making the Plan and develop stage the most precise fit. Dynamic application security testing (DAST) involves testing the application while it is running (usually in a test/staging environment), which logically occurs after the build is complete but before deployment, placing it in the Build and test phase. Actionable intelligence refers to the continuous collection and use of real-time security data from the production environment (telemetry, logs) to inform and enhance defenses, which is the definition of a security task in the Operate or monitoring phase of the pipeline.

Microsoft. Cloud Adoption Framework for Azure: Secure DevOps (Section: Security activities in the CI/CD pipeline). Retrieved October 2025. (Specifically details Threat Modeling during the 'Plan' phase and DAST during the 'Test' phase).

Microsoft. Azure Security Center documentation: Actionable security recommendations. Retrieved October 2025. (Relates "actionable intelligence" to continuous monitoring and operational security in the post-deployment phase).

OWASP. Software Assurance Maturity Model (SAMM): Design Phase - Threat Modeling. V2.0, Section 3.1. (Threat modeling is defined as a design activity, supporting 'Plan and develop').

Howard, M., & Lipner, S. The Security Development Lifecycle. Microsoft Press, 2006. (Conceptual basis for integrating security into development, where design analysis (Threat Modeling) precedes implementation, and testing (DAST) precedes release).

IEEE Xplore. R. V. K. T. Rajan and M. D. R. Reddy, "Integrating security testing in DevOps with CI/CD pipeline," 2021 International Conference on Advances in Computing and Communications (ICACC), Kochi, India, 2021, pp. 1-6. DOI: 10.1109/ICACC54084.2021.9670067. (Discusses DAST execution after the build stage within the CI/CD test phase, supporting 'Build and test').