DevSecOps: How to conquer 3 big culture challenges

Source – enterprisersproject.com Just about any DevOps shop will hit speed bumps on the path toward continuous learning and improvement. “Organizations are increasingly adopting DevOps environments in hopes of achieving transformative velocity and innovation,” says Elizabeth Lawler, VP of DevOps security at CyberArk. “But like any new business initiative, this comes with challenges – and in the case of DevOps, it’s often around culture and areas of responsibility.” Even issues that seem technical in nature are often rooted in people. Take security: It’s as

Read more

How the new developer culture dictates development security

Source – sdtimes.com The 24×7 digital economy is requiring many organizations to release apps and application updates on a near-continuous basis in order to keep up with increasing customer demand—or face being left in the dust by competitors. Developer teams have their hands full trying to deliver functional, feature-rich updates on time. In this hyper-competitive environment, security is often too easy to deprioritize when faced with the pressure to get an app out the door. The rising trend of breaches from

Read more

DevSecOps: 3 ways to bring developers, security together

Source – enterprisersproject.com Applications are the heart of the digital business, with code central to the infrastructure that powers it. In order to stay ahead of the digital curve, organizations must move fast and deploy code quickly, which unfortunately is often at odds with stability and security. With this in mind, where and how can security fit into the DevOps toolchain? And, in doing so, how can we create a path for successfully deterring threats? As DevOps continues along its path

Read more

AppSec at the speed of DevOps in the age of open source

Source – jaxenter.com “Through the community engagement, we all win” In the world of DevOps, traditional application security doesn’t cut it anymore, and relying on perimeter defenses is a reactionary measure… assuming you control the perimeter. The unprecedented use of open source, speed of continuous integration and continuous delivery, containerization, and move to the cloud all mean that teams need a new approach to application security. DevOps teams cannot cede speed and agility for the sake of security. JAXenter editor Gabriela

Read more

Application security needs to shift left

Source – sdtimes.com As teams are pressured to release software more rapidly, more and more aspects of software development are being forced to “shift left,” moving up earlier in the development lifecycle. Because of the speed in which code is updated and delivered, security can no longer be thought of as an afterthought, said Rani Osnat, VP of product marketing at Aqua Security, a company that specializes in container security. “That’s why we profess to shift left security and basically embed

Read more

Wallarm Launches Framework for Automatic Security Testing

Source – eweek.com Cybersecurity startup Wallarm announced the launch of its Framework for Automatic Security Testing (FAST) technology on April 26, providing organizations with a new approach to scan applications for potential security risks. The FAST product enables automated security test generation that can be used to look for both known and unknown vulnerabilities in running code. With FAST, Wallarm claims that is can also find anomalies in application responses that could potentially lead to risk as well. “FAST is not

Read more

Security in DevOps Is Lagging Despite Advantages and Opportunities

Source – bwcio.businessworld.in Synopsys Inc. has released new data that highlights the opportunities and challenges of DevSecOps, an emerging paradigm in which DevOps teams incorporate application security into their continuous integration and continuous delivery (CI/CD) workflows. The 451 Research report commissioned by Synopsys, DevSecOps Realities and Opportunities, analyses survey results from 350 enterprise decision-makers at large enterprises across a variety of industries. The study found that only half of CI/CD workflows include application security testing elements despite respondents citing awareness

Read more

A complete beginner’s guide to blending DevOps and security

Source – techtarget.com DevOps can be daunting enough for those brand-new to it. And it becomes even trickier when you begin to add security into the mix. If you want to build out your DevOps and security programs in order to improve your application security initiatives, vulnerability testing and verification have to be baked into your day-to-day processes. The DevOps/DevSecOps approach allows for security to be introduced earlier in the software development lifecycle. Instead of performing security checks once the code is

Read more

Democracy & DevOps: What Is the Proper Role for Security?

Source – darkreading.com Security experts need a front-row seat in the application development process but not at the expense of the business. With the advent of the cloud and DevOps, the job of implementing security has been dispersed more widely across IT. This has led to significant gains in speed and agility, but it has also created unacceptable risk for the business. For security, the pendulum has swung too far toward democracy. We need to pull it back. It’s easy to

Read more

Shortcomings of DevOps automation and security bug detection

Source – theserverside.com Eariler this year we spoke with Jim Manco of Manicode security. It was immediately prior to Oracle OpenWorld 2017, in which Manico was delivering a JavaOne session on Java SE 9 security. There are plenty of new tools and technologies in the latest version of the JDK to help minimize the number of Java security bugs that developers might encounter. Of course, it’s not good enough just having technologies like JEP-273 (DRBG-Based SecureRandom Implementations), JEP-290 (Filtering of Incoming Serialization Data), and

Read more
1 2 3