Wallarm Launches Framework for Automatic Security Testing

Source – eweek.com Cybersecurity startup Wallarm announced the launch of its Framework for Automatic Security Testing (FAST) technology on April 26, providing organizations with a new approach to scan applications for potential security risks. The FAST product enables automated security test generation that can be used to look for both known and unknown vulnerabilities in running code. With FAST, Wallarm claims that is can also find anomalies in application responses that could potentially lead to risk as well. “FAST is not

Read more

Security in DevOps Is Lagging Despite Advantages and Opportunities

Source – bwcio.businessworld.in Synopsys Inc. has released new data that highlights the opportunities and challenges of DevSecOps, an emerging paradigm in which DevOps teams incorporate application security into their continuous integration and continuous delivery (CI/CD) workflows. The 451 Research report commissioned by Synopsys, DevSecOps Realities and Opportunities, analyses survey results from 350 enterprise decision-makers at large enterprises across a variety of industries. The study found that only half of CI/CD workflows include application security testing elements despite respondents citing awareness

Read more

A complete beginner’s guide to blending DevOps and security

Source – techtarget.com DevOps can be daunting enough for those brand-new to it. And it becomes even trickier when you begin to add security into the mix. If you want to build out your DevOps and security programs in order to improve your application security initiatives, vulnerability testing and verification have to be baked into your day-to-day processes. The DevOps/DevSecOps approach allows for security to be introduced earlier in the software development lifecycle. Instead of performing security checks once the code is

Read more

Democracy & DevOps: What Is the Proper Role for Security?

Source – darkreading.com Security experts need a front-row seat in the application development process but not at the expense of the business. With the advent of the cloud and DevOps, the job of implementing security has been dispersed more widely across IT. This has led to significant gains in speed and agility, but it has also created unacceptable risk for the business. For security, the pendulum has swung too far toward democracy. We need to pull it back. It’s easy to

Read more

Shortcomings of DevOps automation and security bug detection

Source – theserverside.com Eariler this year we spoke with Jim Manco of Manicode security. It was immediately prior to Oracle OpenWorld 2017, in which Manico was delivering a JavaOne session on Java SE 9 security. There are plenty of new tools and technologies in the latest version of the JDK to help minimize the number of Java security bugs that developers might encounter. Of course, it’s not good enough just having technologies like JEP-273 (DRBG-Based SecureRandom Implementations), JEP-290 (Filtering of Incoming Serialization Data), and

Read more

SecDevOps: Putting Security at the Heart of DevOps

Source – securityintelligence.com Agility has become an unavoidable necessity in a fast-moving technology environment, but achieving it can be a challenge for organizations and their development teams. The DevOps philosophy provides a road map; following it is not always as easy. Even more crucial than the need to transform the development process is the need to protect against ever more sophisticated threats and attacks. But some organizations are finding that agility and security can go hand in hand. SecDevOps is an

Read more

The Myth of Mutual Exclusivity: Making the DevOps Process More Agile Without Compromising Security

Source – securityintelligence.com The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing number of organizations are challenging this stereotype and actively working to integrate security into the DevOps process. These proactive players in

Read more

Secure DevOps lengthens IT ops to-do list

Source – techtarget.com Secure DevOps is a recent trend that has primarily involved collaboration between application developers and security experts so far — the IT ops role in the new collaboration between app developers and security pros hasn’t been fleshed out yet. But as developers and security professionals “shift security left” in the app delivery process, IT ops will need to respond accordingly, and preferably proactively. IT pros must collaborate with the security team as well as application developers. Following high-profile

Read more

How to Build a Better DevOps Model

Source – baselinemag.com Establishing a DevOps strategy and putting it into motion can prove extremely challenging. Success depends on factors such as technology, processes and culture. The complexities of digital business aren’t lost on anyone, but achieving the level of coordination and orchestration required to navigate today’s challenges can be overwhelming. “The ability to introduce new business services, new capabilities and new functions—and push them out to customers and others quickly and effectively—is dependent on the IT and business sides of

Read more

The future of AppSec: Stop fighting the last war

Source – helpnetsecurity.com It’s a cornerstone of military doctrine: when you focus too much on the last battle you faced, you miss signs of the new battleground taking shape. The principle holds as true for cybersecurity as it does for cavalries and tanks. The surest way to put your organization at risk is to keep your defense strategy rooted in the past – especially it wasn’t all that effective in the first place. If tactics like slow gatekeeping controls haven’t been

Read more
1 2 3