DevSecOps

April 02, 2020

Many developers dread code reviews, and one reason for this is probably that most reviewers only offer criticism rather than encouragement. Remember, as a peer reviewer, you can also reinforce things you see that are done well, which can be every bit as important and effective as nitpicking every design flaw, mistake, bug or styling issue. There is an intrinsic value in positive reinforcement for encouraging desirable behavior ...

March 23, 2020

In Part 1 of this blog, I touched on the formal definition of and risks associated with insider threats. In this post I will examine the top X insider threats that were reported over the last decade ...

March 19, 2020

The majority of security solutions focus on externally triggered unauthorized and illegitimate access to systems and information. Unfortunately, the most damaging malicious activity is the result of internal misuse within an organization, perhaps since far less attention has been focused inward ...

March 12, 2020

There's a curious irony about two powerful and closely related developer tools in use today. On the one hand, enterprises of all sorts have moved quickly to embrace the use of containers and Kubernetes as part of their digital transformation, usually with a view to speeding the pace of new application development. Yet, according to a new survey from StackRox, almost half of those same users have applied the brakes, delaying the rollout of applications that make use of those technologies. The reasons for both their enthusiasm and their caution are understandable ...

March 10, 2020

Identified as "GhostCat" and tracked as CVE-2020-1938 / CNVD-2020-10487, the flaw could let remote attackers (without authentication) read the content of any file on a vulnerable web server (or servlet container) and obtain sensitive configuration files or source code, or execute arbitrary code if the server allows file upload ...

March 05, 2020

As the expansion of DevOps into DevSecOps shifts into higher gear in 2020, companies are struggling to balance the accelerated automated software development cycle with an integrated and thorough software security strategy. The key in doing so is to take DevSecOps at face value and do what the technology demands ...

February 13, 2020

Ensuring the safety of the apps we use every day is essential. Consumers need to know their app stores are offering vetted downloads. At the same time, personal discretion is essential — knowing not to allow access permissions on a simple flashlight app, for example, is part of technological literacy ...

February 06, 2020

Every mobile app is built around a set of APIs. In fact, it's not much of an exaggeration to describe APIs as the heart of today's modern mobile. Because of their centrality to the function of mobile apps, securing each API is a difficult task. The burden is placed squarely on mobile app developers, most of whom are not security experts ...

January 29, 2020

Zero-day vulnerabilities create security holes that can and almost certainly will be exploited. They also could crash your system when you do an upgrade. These threats aren't new, but their threat profile has increased; some of these vulnerabilities persist for long periods of time ...

January 22, 2020

While nearly 75 percent of developers worry about the security of their applications, and 85 percent rank security as very important in the coding and development process, nearly half of their teams lack a dedicated security expert ...

January 21, 2020

A lot of companies have gone down the path of DevOps, building and using containers and microservices. As a result, workloads are getting more complex. The Kubernetes ecosystem is very rich, and as more companies find value in using Kubernetes as a container orchestrator, they will adopt more solutions in the ecosystem. These advances mean we'll see increasingly complex workloads running in Kubernetes ...

January 16, 2020

2020 will mark a tipping point in cloud, as new applications and software will become "cloud first" — and technology that avoids the cloud will increasingly be seen as a costly oddity ...

January 15, 2020

Industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020. Part 3 covers Kubernetes, APIs and more ...

January 14, 2020

Industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020. Part 2 offers predictions about shifting left, automation and more ...

January 13, 2020

Industry experts offer predictions on how DevSecOps and related technologies will evolve and impact the business in 2020 ...

December 05, 2019

Today a brand will only get you so far; you need to accelerate your development to compete, or your company will join the dozens already in the corporate graveyard. What does this mean for application security? ...

November 25, 2019

The shift to DevOps production models and the increasing reliance on serverless or containerized architectures are often driven by the need for operational speed and consistency. Digital transformation is supposed to make work smoother and more productive. New research from Radware demonstrates the effect that the shift to microservices and the ever-evolving imperatives of digital transformation have had on organizations’ security posture ...

November 18, 2019

Microservices, container orchestration, virtualized machines; these and other tools have created an entire industry to support the fast, continuous development approach. But while efficiency and speed bring competitive advantages, something is still missing: security. With the luxury of speeds comes the by-product of overly pushed data during the development phase. This opens the question of which is more important — speed or security? ...

November 04, 2019

The final chapter of this blog series looks at Factor 12, Admin Processes, and shares security-focused advice for this step that developers and ops engineers can follow during the SaaS build and operations stages.

October 28, 2019

Speed of deployment affects your bottom line, making it one of the core DevOps metrics. Continuous integration (CI) and continuous delivery (CD) are now established principles that are standard in almost every business. The huge advantages that come with incremental, ongoing changes and deployment via Kubernetes, microservices, and containers have been proven and embedded into every business practice. While DevOps tools and practices are standard almost everywhere, there's still one DevOps tool left to go ...

October 15, 2019

The security posture to adopt when striving for dev/prod parity as you move through the Twelve-Factors is to ensure that product secrets are not shared. Step 11 suggests treating logs as event streams ...

October 07, 2019

The concept of infusing security into the mindset and the processes of software delivery is often called "DevSecOps." Since developers, testers, and operations staff are all part of the same DevOps team, they must all take responsibility for their software's security, from design through development, and out into production. Here are some practical steps that teams can take to introduce security into their DevOps pipelines, making them DevSecOps pipelines ...

October 03, 2019

In the first blog of this series, I discussed what it would take to insert security into DevOps and arrived at the helpful mnemonic SECURIDY to capture the key requirements. As a continuation of that blog, I thought it would be valuable to take some of the popular technologies and measure them against this framework to see which are still well-suited for today's world of DevOps, as well as which fall short and why ...

September 30, 2019

Today, performance bugs and memory bugs are the least of the worries facing the developer community. Instead, a new crisis has surfaced: security bugs. Security bugs are so much more concerning than the other bugs because security bugs will get you "pwned!" ...

September 25, 2019

DevSecOps has shown the IT industry an effective way to deal with security issues in the DevOps lifecycle. But successful security integration into DevOps pipelines through DevSecOps requires adoption of certain tools, resources and practices that can unite Dev, Ops and Security teams under the ambit of DevSecOps culture. Here are 6 best practices for successful DevSecOps implementation ...
