VAST Data announced the general availability of its new Container Storage Interface (CSI).
Security and the Twelve-Factor App - Step 12
A blog series by WhiteHat Security
November 04, 2019
The final chapter of this blog series looks at Factor 12, Admin Processes, and shares security-focused advice for this step that developers and ops engineers can follow during the SaaS build and operations stages.
Start with Security and the Twelve-Factor App - Step 1
Start with Security and the Twelve-Factor App - Step 2
Start with Security and the Twelve-Factor App - Step 3
Start with Security and the Twelve-Factor App - Step 4
Start with Security and the Twelve-Factor App - Step 5
Start with Security and the Twelve-Factor App - Step 6
Start with Security and the Twelve-Factor App - Step 7
Start with Security and the Twelve-Factor App - Step 8
Start with Security and the Twelve-Factor App - Step 9
Start with Security and the Twelve-Factor App - Step 10
Start with Security and the Twelve-Factor App - Step 11
Defining Admin Processes in the Twelve-Factor App
The final and twelfth factor focuses on admin processes and running admin/management tasks as one-off processes.
By this, 12.factor.net means that “one-off admin processes should be run in an identical environment as the regular long-running processes of the app. They run against a release, using the same codebase and config as any process run against that release. Admin code must ship with application code to avoid synchronization issues.”
Applying Security to Step 12
From a security standpoint, admin processes must be subject to the same security scrutiny as prescribed for factors I to XI. Incorporate one-off admin processes as part of product discussions and understand the security risks associated with one-off admin processes.
Industry News
January 16, 2020
Fugue has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment.
January 16, 2020
WhiteHat Security will offer free application scanning services to federal, state and municipal agencies in North America.
January 15, 2020
Micro Focus announced the release of Micro Focus AD Bridge 2.0, offering IT administrators the ability to extend Active Directory (AD) controls from on-premises resources, including Windows and Linux devices to the cloud - a solution not previously offered in the marketplace.
January 15, 2020
SaltStack announced the availability of three new open-source innovation modules: Heist, Umbra, and Idem.
January 15, 2020
ShiftLeft announced a partnership and deep integration with CircleCI that enables organizations to insert security directly into developer pull requests from code repositories.
January 14, 2020
Containous closed $10 million in Series A funding.
January 13, 2020
JFrog announced the launch of the free ConanCenter, enabling better search and discovery while streamlining C/C++ package management.
January 13, 2020
Perfect Sense launched Gyro - a cloud management tool that mitigates the risks associated with manually provisioning and managing infrastructure, lack of standards in configurations, and unpredictable results from changes to cloud infrastructure.
January 13, 2020
Synopsys has completed the acquisition of Tinfoil Security, a provider of dynamic application security testing (DAST) and Application Program Interface (API) security testing solutions.
January 09, 2020
IT Revolution, the industry leader for advancing DevOps, opened its call for presentations for both DevOps Enterprise Summit 2020 events in London and Las Vegas.
January 08, 2020
Anchore announced the immediate availability of Anchore Enterprise 2.2.
January 08, 2020
TigerGraph announced new functionality and performance for TigerGraph Cloud.
January 07, 2020
Compuware Corporation announced a CloudBees Technical Alliance Partner Program (TAPP) Premier Partnership and new advancements to Topaz that together enable organizations to quickly achieve low-risk, low-cost mainframe modernization by fully leveraging their existing mainframe resources.
January 07, 2020
Allegro A officially welcomes Allegro Trains Agent to the Allegro Trains ecosystem.
