Combat waste with a DevOps feedback loop, triage and automation

Source – devopsagenda.techtarget.com Gruver sat down with DevOps Agenda to explain enterprise inefficiencies and the value of a quick and effective DevOps feedback loop. The basic definition of DevOps is the answer to a question: How do you release code on a more frequent basis while enabling all aspects of quality? It should be a straightforward, easy process, and everybody would be doing it if there weren’t waste and inefficiencies in the system. One thing I like about DevOps is that, when you


3 steps to secure, open source DevOps

Source – opensource.com Nobody really writes their own code anymore, right? We go out to GitHub, download some libraries, avoid recreating unnecessary wheels, and package those wheels together along with our own glue to create new software. Then we download a half dozen front-end frameworks to make it all pretty and responsive and we’re off to the races. In my review of apps, both in my company and others, I’ve found that more than 90% of the code that makes up an


Advantages of Interactive Application Security Testing (IAST) over Static and Dynamic Testing

Source – contrastsecurity.com Interactive Application Security Testing (IAST) works in fundamentally different ways than static or dynamic tools using instrumentation technology. IAST leverages information from inside the running application, including runtime requests, data flow, control flow, libraries, and connections, to find vulnerabilities accurately. Because of this, interactive testing works better for application security. That’s why we created Contrast — to utilize next-generation technology to solve the growing problems inside the application security field.


CA Technologies (CA) Completes the Purchase of Veracode

Source:- nasdaq.com CA Technologies (CA) recently announced that it has completed the acquisition of Veracode, a Burlington security software company, for approximately $614 million in cash. The deal, signed in early March, was subject to customary closing conditions. Founded in 2006, Veracode offers cloud-based software that helps organisations to run large-scale performance and load tests quickly, easily and inexpensively during the building and deployment process. The company serves more than 1,400 customers, which includes Boeing and Thomson Reuters, and its


Three Lessons From Test-Driven Development

Source:- securityintelligence.com In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years later, his “Test-Driven Development: By Example” further elaborated on the need to reconsider the way software is planned, how teams operate and, most importantly, the way software is tested. To date, there are over 170 books on Amazon about test-driven development (TDD). For readers curious about the origins and evolution of the concept, the Agile Alliance posted


How to make mobile app security testing automation a DevOps reality

Source:- nowsecure.com Eighty-one percent of enterprises and 70 percent of small-to-medium businesses have adopted DevOps, according to the RightScale 2016 State of the Cloud Report [1]. In comparison, only 29 percent of mobile apps, on average, undergo vulnerability testing, according to the 2017 Study on Mobile IoT Application Security conducted by Ponemon Institute [2]. I think the gap between these two statistics can be reduced with some minor effort. The purpose of this article is to explain how to make mobile app security


Six Tips for Using DevOps to Combat Security Vulnerabilities

Source:- samsung.com Growing requirements from stakeholders for rapid app deployment mean more businesses need to explore DevOps to ensure collaboration between their development and operations teams during the development life-cycle. In a recent BMC/Forbes security survey, 60 percent of executives said their IT and security teams “have only a general or a little understanding of each other’s requirements.” Additionally, the report revealed that these two groups often have goals that are out of sync. Such complications lead to companies taking


5 ways to align security with your DevOps strategy

Source:- techbeacon.com In 2016, DevOps reached a tipping point. Half of all organizations surveyed indicated that they are actively using it as a model for releasing and maintaining custom applications, according to the Gartner Research note DevSecOps: How to Seamlessly Integrate Security Into DevOps, September, 2016. Yet, about 80 percent of those organizations surveyed expressed concerns that information security policies and teams are preventing them from achieving the level of agility that DevOps promises. Development, operations and security all want
