DevSecOps

October 07, 2019

The concept of infusing security into the mindset and the processes of software delivery is often called "DevSecOps." Since developers, testers, and operations staff are all part of the same DevOps team, they must all take responsibility for their software's security, from design through development, and out into production. Here are some practical steps that teams can take to introduce security into their DevOps pipelines, making them DevSecOps pipelines ...

October 03, 2019

In the first blog of this series, I discussed what would it take to insert security into DevOps and arrived at the helpful mnemonic SECURIDY to capture the key requirements. As a continuation of that blog, I thought it would be valuable to take some of the popular technologies and measure them against this framework to see which are still well-suited for today's world of DevOps, as well as which fall short and why ...

September 30, 2019

Today, performance bugs and memory bugs are the least of the worries facing the developer community. Instead, a new crisis has surfaced: security bugs. Security bugs are so much more concerning than the other bugs because security bugs will get you "pwned!" ...

September 25, 2019

DevSecOps has shown the IT industry an effective way to deal with security issues in DevOps lifecycle. But successful security integration into DevOps pipelines through DevSecOps requires adoption of certain tools, resources and practices that can unite Dev, Ops and Security teams under the ambit of DevSecOps culture. Here are 6 best practices for successful DevSecOps implementation ...

September 23, 2019

Cloud infrastructure has seen accelerating levels of automation over the past few years. While the new, unprecedented level of automation delivers benefits like speed and agility, it also introduces enormous risk. The probability of identities misusing privileges (whether intentional or not) has increased greatly for any enterprise planning a cloud migration or already embracing the cloud ...

September 16, 2019

Step 10 of the Twelve-Factor App highlights DEV/product parity and relates to keeping development, staging and production as similar as possible ...

September 10, 2019

DevOps will need to revisit security at it prepares to take advantage of all that quantum computing has to offer. Most security experts surmise that quantum crypto algorithms will eventually render RSA cryptography and ECC useless. Because of the security impact, particularly as it relates to the formidable crypto algorithms, my recommendation for DevOps is to prepare now ...

August 29, 2019

As organizations seek to better embed security into DevOps and Agile software development, they're going to need to find better ways of scaling security knowledge across cross-functional teams. Everyone needs to chip in, and the only way they can do that is if companies properly train members of cross-functional teams on what it means to deploy secure software ...

August 28, 2019

As organizations seek to better embed security into DevOps and Agile software development, they're going to need to find better ways of scaling security knowledge across cross-functional teams. From developers to DevOps engineers to site reliability specialists to database professionals, everyone needs to understand how security considerations impact the risk of the overall IT ecosystem they operate within, and how these security concerns should shape the work they do day in and out. Here are five ways to accomplish that ...

August 22, 2019

Despite the enterprise benefits assured by adopting a DevOps culture, the majority of IT leaders polled believe communication between IT security and software development must improve greatly to achieve success, according to a recent survey conducted by Trend Micro ...

August 06, 2019

Business demands agility — ever-increasing speed to deliver new functionality to the customers and to stay ahead of competitors. DevOps and agile development deliver on this business goal and are being widely adopted across industries. It's also well established that we need to find how to insert security into DevOps to ensure that security does not get left behind. Which begs the question — why hasn't this happened, why haven't we figured out how to insert security into DevOps ...

August 05, 2019

Want to get to DevSecOps? Start by developing mature DevOps practices. Security pros report an established DevOps team is three times more likely to find bugs before code is merged and 90% more likely to test between 91% and 100% of code than early-stage efforts ...

July 16, 2019

Security teams must prepare for the certainty that, eventually, something malicious will gain a foothold in the network. In response, security teams are refocusing their work on the need to harden internal network security. And the methodology they're turning to is zero trust ...

July 09, 2019

"Shift Left" has become an ever-present meme amongst DevOps and the security folk concerned about or working with DevOps. To "shift left" means to attend to something as early in development as possible, based on the assumption of left-to-right mapping of development activities ...

June 20, 2019

Alongside the general emphasis in the industry on making software development safer, the growing use of more complex programming languages — notably C++ — has added to the challenge. While C++ gives developers a far more scope for creativity and innovation, its flexibility makes it easier for individuals to inadvertently create coding errors — take for example, memory leaks — that can lead to software vulnerabilities ...

June 13, 2019

Responses to our annual Container Adoption Survey — conducted jointly by Portworx and Aqua Security — have shown a clear uptick in how complex containerized applications have become, demonstrating that IT organizations are increasingly confident that container infrastructure can manage business-critical applications. However, this year's responses also suggest a continuing lack of clarity when it comes to who's responsible for container security ...

May 30, 2019

Next-gen application development vendors are branching out into analytics, the Internet of Things, SaaS-based offerings, security and mobile apps to help clients solve business problems, create new growth opportunities and improve profits, according to a new report published by ISG ...

May 16, 2019

Only 40% of organizations are satisfied with their WAF, according to a new Ponemon Institute report – The State of Web Application Firewalls ...

May 13, 2019

We now move on to Step 8 of the Twelve-Factor App, which recommends scaling out via the process model discussed in Step 7 ...

May 07, 2019

I think the single most profound struggle and opportunity in application security is the relationship between developers and security. For the most part, security professionals see developers as unreliable children running with scissors. Conversely, developers see security professionals as antiquated whistleblowers who focus solely on their own job security ...

April 29, 2019

Only 10 percent of organizations report repairing critical vulnerabilities satisfactorily and in a timely manner. However, to understand how to address this problem, we first need to understand the current state of application security ...

April 08, 2019

In this seventh step, the Twelve-Factor methodology encourages the integration of the network handling traffic code inside your running application ...

March 20, 2019

Cloud-based business initiatives are accelerating faster than security organizations' ability to secure them, according to the State of Hybrid Cloud Security Survey from FireMon. The survey revealed 60% of respondents either agreed or strongly agreed that this was happening in their organizations ...

March 11, 2019

Companies are struggling to address the gap that exists between how they're using containers and their level of confidence about security and misconfigurations. The more containers dominate application development, the more imperative it is to integrate container security measures throughout the process, bringing it earlier in the app dev process and integrating it with the orchestration layer. Portability and integration are critical as companies are trying to simultaneously operationalize and secure containers and microservices across hybrid and multi-cloud deployments. The lag between container security and container adoption represents significant risks to individual businesses as well as the broader ecosystem. It's time to close this security gap before it widens, and DevOps has a central role to play ...

March 04, 2019

Step 6 of the Twelve-Factor App methodology encourages executing the app as one or more stateless processes. Here is some actionable security-focused advice which developers and ops engineers can follow during the SaaS build and operations stages ...

Pages