The Myth of Mutual Exclusivity: Making the DevOps Process More Agile Without Compromising Security

Source – securityintelligence.com The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing number of organizations are challenging this stereotype and actively working to integrate security into the DevOps process. These proactive players in

Secure DevOps lengthens IT ops to-do list

Source – techtarget.com Secure DevOps is a recent trend that has primarily involved collaboration between application developers and security experts so far — the IT ops role in the new collaboration between app developers and security pros hasn’t been fleshed out yet. But as developers and security professionals “shift security left” in the app delivery process, IT ops will need to respond accordingly, and preferably proactively. IT pros must collaborate with the security team as well as application developers. Following high-profile

How to Build a Better DevOps Model

Source – baselinemag.com Establishing a DevOps strategy and putting it into motion can prove extremely challenging. Success depends on factors such as technology, processes and culture. The complexities of digital business aren’t lost on anyone, but achieving the level of coordination and orchestration required to navigate today’s challenges can be overwhelming. “The ability to introduce new business services, new capabilities and new functions—and push them out to customers and others quickly and effectively—is dependent on the IT and business sides of

The future of AppSec: Stop fighting the last war

Source – helpnetsecurity.com It’s a cornerstone of military doctrine: when you focus too much on the last battle you faced, you miss signs of the new battleground taking shape. The principle holds as true for cybersecurity as it does for cavalries and tanks. The surest way to put your organization at risk is to keep your defense strategy rooted in the past – especially if it wasn’t all that effective in the first place. If tactics like slow gatekeeping controls haven’t been

The top three approaches for improving cloud migration and security

Source – cloudcomputing-news.net For many enterprises, migrating towards a cloud delivered approach for IT systems is an attractive proposition. Cost efficiency and business agility are big drivers for CIOs to make the move. Most modern companies have either started migrating toward a public cloud or they are in the early planning and analysis phases of doing so. At the same time, making the jump from on-site infrastructure to cloud-hosted platforms is not free of challenges such as regulations, data governance, billing

Are DevOps and Application Security Compatible?

Source – simpleprogrammer.com DevOps is the word of the year. The software industry is on fire with the DevOps craze and more and more companies are looking for DevOps skills. DevOps practices are the key to delivering value quickly, scaling effectively, and enabling a fast feedback cycle of important information. They allow the true agility in software development that companies need to be successful. Good application security practices help to prevent the misuse of software for nefarious means. It aims to protect

DevOps requires automation and testing to ensure application security

Source – techproresearch.com DevOps is known for continuous delivery and rapid iteration – almost the exact opposite of enterprise security, which can be seen as slow-moving and overly cautious. As more companies move toward DevOps as a means of delivering and maintaining applications, security becomes critical to plug gaps and prevent data breaches–especially in the continuous delivery pipeline, which can introduce more holes for hackers to wriggle into. Experts advise carefully designing the delivery pipeline and testing everything as thoroughly as

Application Security Report Calls Out Problems in Mobile, IoT Devices and DevOps

Source – securityintelligence.com Vulnerabilities in mobile backends, web interfaces to the Internet of Things (IoT) and negligent DevOps practitioners are among the fastest growing application security threats, according to a report released at the InfoSecurity Europe conference in London this week. What’s the Problem? Research from High-Tech Bridge, a Swiss company that also operates in the U.S., said 83 percent of web service and application programming interfaces (APIs) used in apps for retail, banking and other markets could fall prey to

Before You Outsource Code Development – Think About the Security Implications

Source – veracode.com Police in the Netherlands recently contacted more than 20,000 people who they suspect had their personal data stolen by a malicious web developer. This developer had built “backdoors” into applications he created for various businesses as a contractor. With the information he stole, it is alleged that he made online purchases, opened gambling accounts and impersonated victims’ family members. Outsourcing application development allows organizations to realize cost savings and provides the flexibility necessary to scale. However, as

DevSecOps: Paradigm shifts are messy, but someone’s got to take the lead

Source – infoworld.com A perfect storm of factors brewing in the dev, ops, and security worlds has created a window of opportunity to embed security into the application delivery lifecycle, in a needle-moving kind of way. However, security teams need to be the ones driving the DevSecOps charge or that needle will barely wobble. Given how many security practitioners spend their days putting out fires, adding “DevSecOps evangelist” to their job description is more likely to elicit groans than spur the desire
