Why runtime application self-protection is critical for app security

Source – appdevelopermagazine.com Today most of us go about implementing security from the outside in. The common practice is to start by defining a perimeter and trying to defend it with various security tools. Even though perimeters have been porous for more than a decade, we still can’t give up this notion that if we build a better wall we can keep our enterprises safer. Certainly that is where most enterprises are spending their security budgets. Gartner estimates we spend more

Automated Testing: Remember Security

Source – devops.com Between continuous integration (CI) and release automation (RA), we’ve come a long way in making testing both integral and automated. This testing has allowed QA staff and developers to spend more time adding value by looking at problem areas instead of running tests by hand. Shops that have CI well-integrated into their application processes and are using test driven development (TDD) claim they have improved both time to deployment and code quality. But we’re still struggling to get

Security and Development Teams Collaborate on Apps

Source – infosecurity-magazine.com Security teams and developers are more aligned and capable of taking a collaborative approach than many in the industry believe, according to a new study from Veracode. The application security vendor, recently acquired by CA Technologies, polled 400 IT professionals in the UK, US and Germany to better understand the relationship between the two functions. There’s a common perception that developers and security professionals are fundamentally at odds: the former prioritizing features and time-to-market and the latter focused

Application Security Report Calls Out Problems in Mobile, IoT Devices and DevOps

Source – securityintelligence.com Vulnerabilities in mobile backends, web interfaces to the Internet of Things (IoT) and negligent DevOps practitioners are among the fastest growing application security threats, according to a report released at the InfoSecurity Europe conference in London this week. What’s the Problem? Research from High-Tech Bridge, a Swiss company that also operates in the U.S., said 83 percent of web service and application programming interfaces (APIs) used in apps for retail, banking and other markets could fall prey to

Security & Development: Better Together

Source – darkreading.com How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed. For organizations trying to accelerate their product go-to-market, DevOps has transformed application development. By knocking down the wall between development and operations it’s now possible to release incremental changes more often. The bad news is that security teams are not equipped to move as quickly, and are falling behind. For security teams looking for best practices to

Improving Linux Security with DevSecOps

Source – linuxjournal.com Ask people who run IT departments these days what keeps them up at night, and they’ll probably tell you it’s security—or the lack of it. With the explosive growth of malicious attacks on everything from hospitals to Fortune 500s, security—not hardware, software and even staff—is what currently makes life miserable. That’s why organizations of all sizes are looking to change fundamentally how they do security. It’s no longer a single team’s job to make sure systems are secure

DevOps Tips and Inspiration: Metrics

Source – Electric-cloud.com Our Continuous Discussions (#c9d9) video podcast – now in its 4th year! – has hosted hundreds (yes, literally) of experts from the DevOps community, who get together every other Tuesday to share their experience and expertise around a wide range of topics related to modern software delivery. In our 70+ episodes so far, we’ve featured some of the biggest DevOps luminaries and technology leaders, who shared their learning, war stories, and tips – around topics such as microservices, containers, continuous

DevOps shops size up security and compliance as code

Source – techtarget.com IT pros in DevOps shops want compliance and security to be the next things they automate, but people with the right skills are tough to find. AUSTIN — As enterprise IT pros gain experience with DevOps and infrastructure as code, they also begin to assess whether code can help with IT security and compliance problems. Products such as Chef Compliance and InSpec are on the minds of DevOps pros at ChefConf here this week. InSpec is an open

13 benefits you will get by using Test Driven Development

Source – techpatio.com The first thing I do when a tech company says they are Agile, is ask about test driven development and continuous integration. If they don’t do it, in my opinion, they are just not Agile. Today I would like to focus on the benefits of TDD. Over the years I have been listening to different opinions about TDD. People talking about its importance and about past experiences, working with a code that was not designed using Test Driven

Trends in DevOps: Security

Source – news.sys-con.com We’re pretty focused on being involved in the DevOps community by providing perspectives on where we’ve been, where we are and where we’re headed as a community — and of course hearing from the community as well! And, if you follow this blog you probably saw an earlier post recapping our Predictions and Trends in DevOps webinar, which brought together four DevOps thought leaders to give us their perspective on what’s happening in 2017 and beyond. If you haven’t already
