How Agencies Can Take Advantage of DevSecOps and Automation to Accelerate ATOs
Stephen Gates | ATO, Authority to Operate, Blog, DEVOPS, DevSecOps, federal agencies, Security Automation
As federal agencies develop more online services and systems to meet the mission of the U.S. government, their appetite and need to develop and deploy secure software applications rapidly continues to grow. Many agencies are embracing DevSecOps and cloud services as a way to release these applications quickly; however, the ...
Erez Yalon: A Security Leader in the API Economy
Stephen Gates | API security, Application Security Awareness, AppSec, Blog, OWASP Top 10 API, Software Developers
The proliferation of software applications is accelerating due to the use of APIs, which have become the technological vascular system (so to speak) of nearly every application and online service. From mobile apps to backend servers, and from one online service to another, huge amounts of users’ interactions and data ...
Remarkable University Study About Real-World Cybersecurity Training
Stephen Gates | Application Security Awareness, AppSec education program, Blog, Codebashing, gamification, Higher Ed, Software Developers
Today’s cybersecurity and software development students spend years in the classroom honing their skills for gainful employment once they graduate. They’re being equipped with deep knowledge of application vulnerabilities, real-world attack scenarios, and extensive software development expertise that includes secure coding practices. The many students the universities are educating today ...
Application Security: Turbulence Often Leads to Transformation
Stephen Gates | Application Security Testing, Automating Security Testing, Blog, CI-CD, CxFlow, SCM, Software Developers
Most security and risk (S&R) professionals in our industry have heard of Top 10 Lists. For example, OWASP and their community of contributors have expanded their Top 10 security projects to include Mobile Apps, APIs, IoT, Serverless, Containers, Blockchain, etc. In fact, there are a large number of OWASP Projects ...
On the Road to DevSecOps: Security and Privacy Controls per NIST SP 800-53
Stephen Gates | Application Security Testing, Blog, Interactive Application Security Testing, NIST, Open Source Analysis, Software Developers, Static Analysis, Technical Blog
This past March, the National Institute of Standards and Technology (NIST) released the NIST Special Publication 800-53, Revision 5, which was their final public draft revision. According to the abstract, “This publication provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations ...
You Better Get Going with Go
Stephen Gates | Blog, Coding Languages, developers, golang, Secure Coding, secure coding practices, Software Developers, Technical Blog
“I think Node (.js) is not the best system to build a massive server web. I would use Go for that. And honestly, that’s the reason why I left Node. It was the realization that: oh, actually, this is not the best server-side system ever.” (HS, 2017) This quote is ...
Welcome to Checkmarx Golang Week!
Stephen Gates | Blog, Coding Languages, developers, golang, Secure Coding, secure coding practices, Software Developers, Technical Blog
When beginning to utilize any new programming language, a frequent obstacle developers face is the sheer lack of secure coding education and training about common pitfalls and coding errors during the language-learning process. The subject of security is often neglected by many articles pertaining to a new language, or security ...
On the Road to DevSecOps: Securing the Software Driving Mobility
Stephen Gates | Application Security Testing, Application Security Vulnerabilities, Blog, DEVOPS, DevSecOps, Software Developers
The automotive industry is experiencing radical change, and software is the catalyst. Progressively more software, increasingly intelligent components, and new methods of interaction are finding their way into automobiles of all sizes and prices. Software empowering the latest features has become a critical differentiator in this industry, beyond improving road safety, ...
On the Road to DevSecOps: Top Three Benefits of CxFlow
Stephen Gates | Application Security Vulnerabilities, Automation, Blog, CxFlow, DEVOPS, DevSecOps, Software Developers
Most organizations who are in the process of transitioning to DevOps understand that this new software development methodology is really about a change of corporate mindset, improvements to internal practices, and the usage of development tools that increase an organization’s ability to deliver software at higher rates. DevOps enables organizations ...
The Road to DevSecOps: Addressing the Challenges of AppSec Awareness
Stephen Gates | Application Security Vulnerabilities, appsec awareness program, Blog, Codebashing, DEVOPS, Secure Coding Education, Secure SDLC, Software Developers
Recently, I had an opportunity to sit down with Kurt Risley and ask him about his experiences and observations when working with organizations who desire to develop a comprehensive AppSec Awareness Program. The Q&A is as follows: Stephen: Since our world relies heavily on software, today more than ever before, ...