DevSecOps Archives

Hot Topics

The Preventative, Developer-Driven Approach to Software Security

by Charlene O’Hanlon on March 10, 2022

The focus on automation, tooling and reactive responses to cyber threats can no longer stand alone against an increasingly sophisticated threat landscape, where attackers are also employing advanced tools to successfully breach even the most protected networks and systems. What is needed is a human-led approach to software security, with security-skilled developers who are incentivized..
Read more

Future Frontiers: Why Developers Need to Go Beyond the OWASP Top 10 for Secure Coding Mastery

by Charlene O’Hanlon on December 13, 2021

In 2021, we usher in a new era for the fabled OWASP Top 10. This latest release reveals some significant shake-ups, with Injection flaws finally being toppled from the top spot in favor of Broken Access Control vulnerabilities. Brand new entries like Insecure Design and Software and Data Integrity Failures show a trend towards vulnerability..
Read more

OWASP Top 10 API: Strategies for Smart Developers

by Charlene O’Hanlon on December 13, 2021

Threats to cybersecurity these days are ubiquitous and relentless. It’s become so bad that trying to keep up with them after programs are deployed has become almost impossible. However, in this age of DevSecOps, continuous delivery, and more data paydirt than ever before, shrewd organizations are helping developers just like you upskill into security-aware superstars..
Read more

Application Security: The Best/Worst Is Yet to Come

by Charlene O’Hanlon on April 23, 2021

In the wake of recent high-profile breaches, all eyes are on application security. Yet, application security hasn’t always received the attention during the application development process it deserves. Many organizations deploy applications with known vulnerabilities to meet their deadlines, with the idea that they’ll be addressed in the next update. That’s a dangerous gamble. DevSecOps..
Read more

Adopting a Strategic Mindset for Cloud-Native Application Protection

by Charlene O’Hanlon on April 14, 2021

With more applications being developed in a cloud-native fashion, using containers and serverless architecture, organizations should think about smarter, more efficient and more reliable ways to protect their applications. Cyberattackers are more innovative and are achieving more success in compromising cloud-native applications, so vigilance is a must for developers, security professionals and IT organizations. Download..
Read more

Identity: The Real Key to Security

by Charlene O’Hanlon on March 23, 2021

Identity and access management (IAM) has long been touted as an effective way to ensure data security by providing access only to those who have the correct permissions. In today’s increasingly distributed IT environment, more organizations look for zero-trust computing architectures that rely on more sophisticated approaches to IAM based on multi-factor authentication. Download this..
Read more

Cybersecurity Turns the COVID-19 Corner

by Charlene O’Hanlon on February 1, 2021

The COVID-19 pandemic has proven to be a defining moment for cybersecurity. Security perimeters crumbled overnight as entire workforces started working from home, and most gave little thought to the security implications. From a cybersecurity perspective, change reigned. In 2021, many cybersecurity teams are still working to adjust to a new reality. In theory, once..
Read more

Enterprise SSL Solutions: A Buyers Guide

by Charlene O’Hanlon on October 5, 2020

Having SSL certificates, or what are now officially known as TLS certificates, has always been a requirement for corporate IT organizations. Certificates encrypt data as it is being transferred between servers and web-facing browsers as well as protect data as it moves between servers. Certificates also play a critical role in making sure that only..
Read more

How the New COVID-19 Normal Will Accelerate the Shift from Tokens to Digital Certificates

by Charlene O’Hanlon on October 5, 2020

Among the most common methods employed to verify identity are hard and soft tokens. Hard tokens most often take the form of a USB “dongle” or a magnetic swipe card embedded in a badge used to access everything from a local office to a data center containing millions of dollars of IT equipment. Soft tokens..
Read more

Managing the AppSec Toolstack

by Charlene O’Hanlon on September 21, 2020

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now..
Read more