Security and the Twelve-Factor App - Step 9
A blog series by WhiteHat Security
July 15, 2019

Eric Sheridan
WhiteHat Security

In the previous chapter of this WhiteHat Security series, the Twelve-Factor App recommended scaling out via the process model discussed in Step 8, and included advice from the WhiteHat team on what to apply from a security point of view.

Step 9 of the Twelve-Factor App discusses disposability, which means that apps built using the twelve-factor methodology can be started or stopped at a moment's notice.

Defining Disposability in the Twelve-Factor App

The ninth factor suggests maximizing robustness with fast startup and graceful shutdown. This step focuses on getting code and app deployments quickly out of the starting blocks and functioning immediately. Likewise, your application also needs to be resilient against crashing, and if it does crash, it needs to be able to restart cleanly.

The advantage of disposability in Twelve-Factor apps is that it supports fast elastic scaling, rapid deployment of code or configuration changes, and robustness of production deploys.

Applying Security to Step 9

An important factor to remember with disposability is to apply signatures and expirations to limit the lifetime of derived security assertions such as session or service tokens. If, for example, a token is issued without an expiration and it is intercepted over the wire, that token can easily be re-used, which is exactly what you want to avoid.
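As an added illustration (not part of the original post or of any WhiteHat product), the snippet below issues a short-lived assertion with an HMAC-SHA256 signature and an `exp` claim, and the verifier rejects tampered, wrong-key, expiry-less and expired tokens before trusting any claim. The key, claim names and time values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims: dict, key: bytes, ttl_seconds: int, now=None) -> str:
    """Serialise claims plus iat/exp, then append an HMAC-SHA256 signature."""
    issued = int(time.time() if now is None else now)
    payload = dict(claims, iat=issued, exp=issued + ttl_seconds)
    body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token: str, key: bytes, now=None) -> dict:
    """Return the claims only if the signature is valid and exp is in the future.

    Raises ValueError otherwise. The signature is checked before the payload
    is parsed, so unauthenticated bytes never reach the JSON decoder.
    """
    try:
        body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    # constant-time comparison so timing does not reveal how many bytes matched
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    payload = json.loads(_unb64(body))
    current = time.time() if now is None else now
    # a token with no exp claim is treated as already expired: unbounded
    # lifetime is exactly the replay risk the text describes
    if current >= payload.get("exp", 0):
        raise ValueError("token expired")
    return payload
```

Pass a fixed `now` in tests to check the expiry boundary deterministically; in production leave it unset so the wall clock is used.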

Eric Sheridan is Chief Scientist at WhiteHat Security