In the previous chapter of this WhiteHat Security series, DEV/prod parity was the key focus area: keeping development, staging and production as similar as possible. The security posture to adopt when striving for DEV/prod parity as you move through the Twelve-Factors is to ensure that product secrets are not shared.
Step 11 suggests treating logs as event streams.
Defining Logs in the Twelve-Factor App
12factor.net explains that logs, the stream of aggregated, time-ordered events collected from the output streams of all running processes and backing services, offer visibility into the behaviour of a running app.
A twelve-factor app never concerns itself with routing or storage of its output stream. It should not attempt to write to or manage logfiles. Instead, each running process writes its event stream, unbuffered, to stdout. During local development, the developer will view this stream in the foreground of their terminal to observe the app’s behavior.
Applying Security to Step 11
The most important security step in this factor is to log security events in such a way that anyone aggregating the logs can easily extract the security messages without being burdened with, for example, stack traces.
In other words, create a log record for each security critical event with supporting information, as well as a "SECURITY" log record category to assist in aggregation.
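One way to implement this, as an added example that is not from the original article: each process writes one JSON object per line to stdout, security-critical events carry a "SECURITY" category plus supporting details, and the aggregator filters on that field. The function names, the field names and the default "APP" category are assumptions made for illustration.

```python
import json
import logging
import sys
from datetime import datetime, timezone


class JsonLineFormatter(logging.Formatter):
    """One JSON object per line; the default category "APP" is an assumed name."""
    def format(self, record):
        event = {
            "ts": datetime.fromtimestamp(record.created, timezone.utc).isoformat(),
            "level": record.levelname,
            "category": getattr(record, "category", "APP"),
            "event": record.getMessage(),
            "details": getattr(record, "details", {}),
        }
        if record.exc_info:
            # The trace is JSON-escaped into the same line, so it cannot split events.
            event["trace"] = self.formatException(record.exc_info)
        return json.dumps(event, default=str)


def build_logger(stream=None):
    """Write the event stream to stdout; routing and storage are left to the environment."""
    handler = logging.StreamHandler(stream if stream is not None else sys.stdout)
    handler.setFormatter(JsonLineFormatter())
    logger = logging.getLogger("twelve_factor_demo")
    logger.handlers = [handler]  # StreamHandler flushes after every record
    logger.setLevel(logging.INFO)
    logger.propagate = False
    return logger


def security_event(logger, event, **details):
    """Emit one SECURITY record for a security-critical event, with supporting details."""
    logger.warning(event, extra={"category": "SECURITY", "details": details})


def extract_security(lines):
    """Aggregator side: keep only the records whose category is SECURITY."""
    records = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # not a structured event line
        if isinstance(rec, dict) and rec.get("category") == "SECURITY":
            records.append(rec)
    return records
```

Because every record, stack traces included, occupies exactly one line, the aggregator can select security events with a single field match instead of parsing multi-line output.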
In the final chapter we cover Step 12, which is all about admin processes and running admin/management tasks as one-off processes.