6 Requirements for Achieving DevSecOps

Just as widespread cloud application adoption has led to the emergence of cloud-centric management tools (Okta, New Relic, Mulesoft, etc.), as the DevOps movement reaches ubiquity, the need for DevSecOps becomes more acute. However, with so many vendors wanting to cash in on the buzz, “DevSecOps” is quickly becoming cliche. What does DevSecOps really mean? And, perhaps more importantly, what should it mean?

If we accept that DevSecOps derives from DevOps, then DevSecOps should both embody the core principles of DevOps and address any secondary issues that result from DevOps.

The key tenets of DevOps include:

- Automation
- Continuous improvement
- Adopting a microservice-based architecture

As such, it would be incongruous for DevSecOps to be heavily dependent on manual processes, only support monolithic code bases or not drive virtuous feedback loops between dev and prod.

As a result of DevOps, many organizations now:

- Release dramatically faster
- Optimize their production environment efficiency to keep cloud infrastructure costs low

So, achieving DevSecOps must include precise and comprehensive application security without slowing down releases. Furthermore, the solution itself must be performant because, while DevOps has obscured infrastructure from engineering, the AWS EC2 bill remains very real to the CFO.

DevSecOps Requirement #1: Protect All Aspects of Your Source Code

Modern applications comprise more than just the code your organization writes. Incorporating...

The Evolution of DevSecOps Revisited

The inception of DevSecOps has created a whole new standard for driving innovation inside and outside organizations. Like DevOps, DevSecOps seeks to achieve greater efficiency and productivity through team collaboration coupled with a foundation in strong security. DevSecOps is pushing organizations to accomplish more, do it faster, and deliver better results more securely. We are... The post The Evolution of DevSecOps Revisited appeared first on Cloud Sentry Blog.

Top 10 Mobile App Security Best Practices for Developers

App security isn’t a feature or a benefit. It is a bare necessity. One breach could cost your company not just millions of dollars but a lifetime of trust. That is why security should be a priority from the moment you start writing the first line of code. While you were busy developing the most … The post Top 10 Mobile App Security Best Practices for Developers appeared first on The State of Security.

The Future of SamuraiWTF

Samurai Web Testing Framework, if you’re not familiar with it, is a Linux environment that is now primarily used for teaching web application penetration testing. It has a number of target web applications to train against, and a curated collection of attack tools. For the newest major version, we have made some changes to how …

Security at the Speed of DevOps

DevOps and traditional security seem to be at odds with one another. But it doesn’t have to be that way. You can make security a part of your DevOps process without sacrificing agility or security. First, let’s define what DevOps is. Let’s then look at how it combines with security to create DevSecOps. DevOps: A … The post Security at the Speed of DevOps appeared first on The State of Security.

Fast Times At Grammarly High…

Tavis Ormandy (a member of Google’s Project Zero organization) has found and reported, and Grammarly has fixed, the offending Grammarly code, reportedly (by Tavis) in record time. A small bit of advice for Grammarly, and others: Have your code thoroughly examined by systems adhering to the OpenSAMM or SAMM model. It may save your hocks someday. Today's Must Read over at Graham Cluley's blog. Thanks Graham and Trey!

Gracefully Protecting Rapid Software Deployments

Gracefully Protecting Rapid Software Deployments — Part I

Prologue

Software has changed. What used to be monolithic services on the backend are now massive deployments of microservices that are constantly spawned and torn down with shifting workload needs. They no longer run in controlled environments you provision, but in turn run on rented VMs and containers. Every piece of sensitive information entered by a user on a web form travels and transforms through layers of computing designed for ease of deployment and simplicity. But with all the elegance comes the burden of security. In this series of posts we will dive deeply and discover how modern software development and deployment pushes the security burden further, and the shortcomings of traditional security in catering to this model. We will break apart an application and see how it sees the light of day in the modern world, and the pain points everybody in the development and deployment chain feels.

The Software of Today

Of course, I can discuss the great virtues of modern software straight out of a textbook, someone’s presentation or research paper, but what fun is a blog if it doesn’t have a memorable story?

Just because I love pizzas 🍕, we will create a PizzaCoin Bank in...

Hacked! Will your anti-malware protect you from targeted attacks?

The news isn't good. Discover your best options in our latest reports. Latest reports now online. Criminals routinely create ingenious scams and indiscriminate attacks designed to compromise the unlucky and, occasionally, foolish. But sometimes they focus on a specific target rather than casting a net wide in the hope of landing something interesting. Targeted attacks can range from basic,