Akana by Perforce now offers BlazeMeter to customers, previously a solution with Broadcom Layer7.
Security and the Twelve-Factor App - Step 11
A blog series by WhiteHat Security
October 15, 2019
In the previous chapter of this WhiteHat Security series, DEV/product parity was the key focus area, and relates to keeping development, staging and production as similar as possible. The security posture to adopt when striving for DEV/prod parity as you move through the Twelve-Factors is to ensure that product secrets are not shared.
Step 11 suggests treating logs as event streams.
Start with Security and the Twelve-Factor App - Step 1
Start with Security and the Twelve-Factor App - Step 2
Start with Security and the Twelve-Factor App - Step 3
Start with Security and the Twelve-Factor App - Step 4
Start with Security and the Twelve-Factor App - Step 5
Start with Security and the Twelve-Factor App - Step 6
Start with Security and the Twelve-Factor App - Step 7
Start with Security and the Twelve-Factor App - Step 8
Start with Security and the Twelve-Factor App - Step 9
Start with Security and the Twelve-Factor App - Step 10
Defining Logs in the Twelve-Factor App
12.factor.net explains that Logs, which are the stream of aggregated, time-ordered events collected from the output streams of all running processes and backing services, offer visibility into the behaviour of a running app.
A twelve-factor app never concerns itself with routing or storage of its output stream. It should not attempt to write to or manage logfiles. Instead, each running process writes its event stream, unbuffered, to stdout. During local development, the developer will view this stream in the foreground of their terminal to observe the app’s behavior.
Applying Security to Step 11
The most important security step in this factor is to log for security in such a way that anyone who is aggregating the log can easily extract the security log messages to avoid being burdened with stack traces for example.
In other words, create a log record for each security critical event with supporting information, as well as a "SECURITY" log record category to assist in aggregation.
In the final chapter we cover Step 12, which is all about admin processes and running admin/management tasks as one-off processes.
Industry News
June 23, 2022
Coder announced the release of a new open source project that gives developers and data scientists a consistent, secure, yet flexible way to create cloud workspaces in minutes.
June 23, 2022
GitGuardian is announcing a series of new features to address developer experience in securing the software development lifecycle.
June 22, 2022
OctoML released a major platform expansion to accelerate the development of AI-powered applications by eliminating bottlenecks in machine learning deployment.
June 22, 2022
Snow Software announced new functionality and integrations for Snow Atlas, a purpose-built platform that provides a framework to accelerate data-driven technology decision-making.
June 22, 2022
Traefik Labs launched Traefik Hub, a new cloud service that eliminates the complexity of management and automation of Kubernetes and Docker networking at scale.
June 21, 2022
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the new Open Programmable Infrastructure (OPI) Project.
June 21, 2022
Docker announced the acquisition of Atomist, a company founded to improve developer productivity and keep cloud native applications safe.
June 21, 2022
SmartBear released BitBar, an all-in-one web and native mobile app testing solution.
June 16, 2022
Armory announced general availability of Armory Continuous Deployment-as-a-Service.
June 16, 2022
Infragistics announced the launch of App Builder On-Prem.
June 16, 2022
LambdaTest launched Test-at-Scale (TAS), a test intelligence and observability platform, to help development teams with shift-left testing.
June 16, 2022
NetApp announced continued innovations and solutions to provide enterprises with more simplicity, more security and more flexibility for their hybrid multicloud environments. These new capabilities include improved ransomware protection, hybrid cloud storage in a single subscription, unified management in a single user interface, and close collaboration with VMware to help transition workloads to the cloud.
June 16, 2022
Code Intelligence announces $12 million (11M€) in Series A funding led by Tola Capital.
June 15, 2022
Keysight Technologies and Sauce Labs have partnered to deliver cloud-based testing of enterprise applications on mobile devices, browsers and secure desktops.
