5 Simple Strategies for Building Security Into Your DevOps Process

Source – veracode.com Securing any development framework – whether Waterfall, Agile or DevOps – requires changes of culture, process, and technology. But unlike the straightforward flow of Waterfall, where security comes at the end of the process, it’s less clear where security fits in Agile and DevOps. As Securosis analyst Adrian Lane points out, Agile development includes “whatever work gets done in a sprint and does not bend to security, so you need to bend security to fit Agile.” Likewise, moving from

Read more

12 ways to improve run-time container security

Source – computerworld.com.au There still really aren’t many enterprise run-time security tools for containers available, which has skewed the conversation toward establishing defensive barriers prior to run-time – during the build, integration, and deployment stage. Of course, with rapidly evolving technology like containers, it can be all too easy to overlook the most basic security concerns, so, really, any focus at all is welcome. Efforts pointing out the security advantages of digitally signing container images at build time, and scanning them

Read more

DevOps, Security, Hybrid IT: Priorities of successful IT pros

Source – enterprisersproject.com Consider how much the role of the IT professional has changed during the last 10 years.  As traditional, siloed IT roles — such as network administrators, storage administrators, systems administrators, and database administrators — continue to include new responsibilities, IT professionals can no longer get by as specialists. These days, they’re are expected to be implementing new technologies and trends, inlcuding containers, serverless architecture, and IoT, while working with cloud service providers. They’re acting as liaisons to business leaders. On top of all that,

Read more

IT security sucks: Here’s why (and how to fix it)

Source – itbusinessnet.com The rise of cybercrime across the globe has proven that traditional criminals are finding new ways to attack: Physical access to the goods is no longer required, now the basic requirements are internet connectivity, an intellect capable of operating tools built by someone else, and a pronounced lack of scruples. While the modern workforce is familiar with buzzwords like cyber crime and black hat, only 38 percent of organizations surveyed for ISACA’s “2015 Global Cybersecurity Status Report” claimed

Read more

3 steps to secure, open source DevOps

Source – opensource.com Nobody really writes their own code anymore, right? We go out to GitHub, download some libraries, avoid recreating unnecessary wheels, and package those wheels together along with our own glue to create new software. Then we download a half dozen front-end frameworks to make it all pretty and responsive and we’re off the races. In my review of apps, both in my company and others, I’ve found that more than 90% of the code that makes up an

Read more

DevSecOps: Paradigm shifts are messy, but someone’s got to take the lead

Source:- infoworld.com A perfect storm of factors brewing in the dev, ops, and security worlds have created a window of opportunity to embed security into the application delivery lifecycle, in a needle-moving kind of way. However, security teams need to be the ones driving the DevSecOps charge or that needle will barely wobble. Given how many security practitioners spend their days putting out fires, adding “DevSecOps evangelist” to their job description is more likely to elicit groans than spur the desire

Read more

DevSecOps, or how to build safer software so much faster

Source – techtarget.com Call it DevSecOps or SecDevOps or security in DevOps, but no matter what you call it your development organization will be tackling it soon. DevOps is hard to do and security is harder. But at a time when security breaches continue to dominate the headlines, there’s no question that security and DevOps need to come together. The only issues are when and how. A recent survey by DevOps software supply chain provider Sonatype found that for every

Read more

Advantages of Interactive Application Security Testing (IAST) over Static and Dynamic Testing

Source – contrastsecurity.com Interactive Application Security Testing (IAST) works in fundamentally different ways than static or dynamic tools using instrumentation technology. IAST leverages information from inside the running application, including runtime requests, data flow, control flow, libraries, and connections, to find vulnerabilities accurately. Because of this, interactive testing works better for application security. That’s why we created Contrast — to utilize next-generation technology to solve the growing problems inside the application security field. Because of this, interactive testing works better for application security. That’s

Read more

Resources for DevOps Pros to Learn About Security

Source:- threatstack.com These days, security should be part of everyone’s job. This is especially true for DevOps teams, which are responsible for developing, delivering, and maintaining critical applications for many organizations, and must therefore prioritize security as part of their role. But the world of security can seem like a bit of a mystery until you’ve been exposed to it. If you or someone on your team is looking to learn more about what it takes to run a secure

Read more

IT ops pros adopt iterative approach to security in DevOps

Source:- searchitoperations.techtarget.com Baby steps that add security in DevOps environments are better than none at all, according to experienced IT ops practitioners. Most organizations have dedicated IT security departments or personnel, but lack of a mature DevSecOps collaboration means IT ops ends up on the front lines to identify vulnerabilities and anomalies in production applications. Like it or not, security in DevOps environments is often left up to them. Attacks are often unmasked because they show up as a problem

Read more
1 10 11 12 13