Security and the Twelve-Factor App - Step 9
A blog series by WhiteHat Security
July 15, 2019

Eric Sheridan
WhiteHat Security

In the previous chapter of this WhiteHat Security series, the Twelve-Factor App recommended scaling out via the process model discussed in Step 8, and included advice from the WhiteHat team on what to apply from a security point of view.

Step 9 of the Twelve-Factor App discusses disposability, which means that apps built using the twelve-factor methodology can be started or stopped at a moment's notice.

Start with Security and the Twelve-Factor App - Step 1
Start with Security and the Twelve-Factor App - Step 2
Start with Security and the Twelve-Factor App - Step 3
Start with Security and the Twelve-Factor App - Step 4
Start with Security and the Twelve-Factor App - Step 5
Start with Security and the Twelve-Factor App - Step 6
Start with Security and the Twelve-Factor App - Step 7
Start with Security and the Twelve-Factor App - Step 8

In the previous blog of this WhiteHat Security series, the Twelve-Factor App recommended scaling out via the process model discussed in Step 7, and included advice on what to apply from a security point of view.

Step 9 of the Twelve-Factor App discusses disposability, which means that apps built using the twelve-factor methodology can be started or stopped at a moment's notice.

Defining Disposability in the Twelve-Factor App

The ninth factor suggests maximizing robustness with fast startup and a graceful shutdown. This step focuses on getting code and app deployments quickly out of the starting blocks and functioning immediately. Likewise your application also needs to be strong against crashing, and if does crash, it needs to be able to restart cleanly.

The advantage with disposability in Twelve-Factor apps is that it supports fast elastic scaling, rapid deployment of code or configuration changes, and robustness of production deploys.

Applying Security to Step 9

An important factor to remember with disposability is to apply signatures and expirations to limit the life of derived security assertions. If for example the code is written without an expiration, and it's intercepted over the wire, that token can easily be re-used, something that you don't want to happen.

Read Security and the Twelve-Factor App - Step 10

Eric Sheridan is Chief Scientist at WhiteHat Security
Share this

Industry News

August 06, 2020

Push Technology announced the launch of a new Kafka Adapter for their Diffusion Intelligent Data Mesh.

August 06, 2020

Appvia announced the launch of its Cost Prediction and Visibility tool, integrated within the latest version of its Kore platform.

August 06, 2020

LogiGear announced the newest addition to the TestArchitect™ family, TestArchitect Gondola.

August 05, 2020

Logz.io announced a partnership with HashiCorp, a provider in multi-cloud infrastructure automation software.

August 05, 2020

Digitate, a software venture of Tata Consultancy Services, announced the release of ignio™ AI.Assurance, an autonomous assurance product that enables enterprises to deliver better software faster, enhancing their business performance.

August 05, 2020

Harness acquired self-service Continuous Integration firm Drone.io, the creator of the open-source project Drone.

August 04, 2020

Aqua Security announced that its Cloud Native Security Platform is available through Red Hat® Marketplace, an open cloud marketplace that makes it easier to discover and access certified software for container-based environments across the hybrid cloud.

August 04, 2020

Threat Stack announced the availability of Threat Stack Container Security Monitoring for AWS Fargate.

August 04, 2020

OpenLogic by Perforce now provides an enterprise-class alternative to Oracle Java by offering OpenJDK distributions backed by OpenLogic support.

August 03, 2020

MuseDev launched on Github Marketplace the Early Access version of its code analysis platform, Muse, to help developers find and fix critical security, performance, and reliability bugs, efficiently, before they reach QA or production.

August 03, 2020

Styra announced Rego Policy Builder for the Styra Declarative Authorization Service (DAS).

August 03, 2020

Felicis Ventures has invested an additional $5M in Sourcegraph, bringing the total raised to over $46M, including a $23M Series B in March 2020 led by Craft Ventures.

July 30, 2020

New Relic delivered strategic updates to New Relic One.

July 30, 2020

IT Revolution announced the DevOps Enterprise Summit Las Vegas 2020 will be going virtual.

July 30, 2020

Adaptavist announced the acquisition of Go2Group, a US technology firm specializing in Agile and DevOps services and cloud solutions for the enterprise.