Enterprise DevSecOps: Security Test Integration and Tooling

Enterprise DevSecOps: Security Test Integration and Tooling

Posted under: Heavy Research In this section we show you how to weave security into the fabric of your DevOps automation framework. We are going to address the questions “We want to integrate security testing into the development pipeline, and are going to start with static analysis. How do we ... Read More

Enterprise DevSecOps: Security Planning

Posted under: Heavy Research This post is intended to help security folks create an outline or structure for an application security program. We are going to answer such common questions as “How do we start building out an application security strategy?”, “How do I start incorporating DevSecOps?” and “What application ... Read More

Enterprise DevSecOps: How Security Works With Development

Posted under: Heavy Research In our first paper on ‘Building Security Into DevOps’, given the ‘newness’ of DevOps for most of our readers, we included a discussion on the foundational principles and how DevOps is meant to help tackle numerous problems common to software delivery. Please refer to that paper ... Read More

Enterprise DevSecOps: New Series

Posted under: Heavy Research DevOps is an operational framework that promotes software consistency and standardization through automation. It helps address many of the nightmare development issues around integration, testing, patching and deployment by both breaking down the barriers between different development teams, but also by prioritizing things that make software ... Read More

Understanding and Selecting RASP 2019: Selection Guide

Posted under: Heavy Research We want to take a more formal look at the RASP selection process. For our 2016 version of this paper, the market was young enough that a simple list if features was enough to differentiate one platform from another. But the current level of platform maturity ... Read More

Understanding and Selecting RASP 2019: Integration

Posted under: Editors note we have been having some VPN interruptions so I apologize for the uneven cadence these posts are being delivered. We are working on fixing the issue. In this section we outline how RASP fits both into the technology stack, both during production deployment and build processes ... Read More

Understanding and Selecting RASP 2019: Technology

Posted under: Heavy Research Here we discuss technical facets of RASP products, including how the technology works, how it integrates into an application environment, and the advantages of each approach. We will also outline some important considerations, such as platform support, which will impact your selection process. We will also ... Read More

Understanding and Selecting RASP 2019: Use Cases

Posted under: Heavy Research As you might expect, the primary function of RASP is to protect web applications against known and emerging threats. In some cases it is deployed to block attacks at the application layer, before vulnerabilities can be exploited, but in many cases it processes a request until ... Read More

Understanding and Selecting RASP: 2019

Posted under: Heavy Research During our 2015 DevOps research conversations, developers consistently turned the tables on us, asking dozens of questions about embedding security into their development process. We were surprised to discover how much developers and IT teams are taking larger roles in selecting security solutions, working to embed ... Read More

What We Know About the Capital One Data Breach

Posted under: Research and Analysis I’m not a fan of dissecting complex data breaches when we don’t have any information. In this case we do know more than usual due to the details in the complaint filed by the FBI. I want to be very clear that this post isn’t ... Read More