Why runtime application self-protection is critical for app security

Source – appdevelopermagazine.com Today most of us go about implementing security from the outside in. The common practice is to start by defining a perimeter and trying to defend it with various security tools. Even though perimeters have been porous for more than a decade, we still can’t give up this notion that if we build a better wall we can keep our enterprises safer. Certainly that is where most enterprises are spending their security budgets. Gartner estimates we spend more

Read more

Automated Testing: Remember Security

Source – devops.com Between continuous integration (CI) and release automation (RA), we’ve come a long way in making testing both integral and automated. This testing has allowed QA staff and developers to spend more time adding value by looking at problem areas instead of running tests by hand. Shops that have CI well-integrated into their application processes and are using test driven development (TDD) claim they have improved both time to deployment and code quality. But we’re still struggling to get

Read more

Security and Development Teams Collaborate on Apps

Source – infosecurity-magazine.com Security teams and developers are more aligned and capable of taking a collaborative approach than many in the industry believe, according to a new study from Veracode. The application security vendor, recently acquired by CA Technologies, polled 400 IT professionals in the UK, US and Germany to better understand the relationship between the two functions. There’s a common perception that developers and security professionals are fundamentally at odds: the former prioritizing features and time-to-market and the latter focused

Read more

Security & Development: Better Together

Source – darkreading.com How DevSecOps removes the silos between security and application development teams so that everyone can work together at the same speed. For organizations trying to accelerate their product go-to-market, DevOps has transformed application development. By knocking down the wall between development and operations it’s now possible to release incremental changes more often. The bad news is that security teams are not equipped to move as quickly, and are falling behind. For security teams looking for best practices to

Read more

DevOps shops size up security and compliance as code

Source – techtarget.com IT pros in DevOps shops want compliance and security to be the next things they automate, but people with the right skills are tough to find. AUSTIN — As enterprise IT pros gain experience with DevOps and infrastructure as code, they also begin to assess whether code can help with IT security and compliance problems. Products such as Chef Compliance and InSpec are on the minds of DevOps pros at ChefConf here this week. InSpec is an open

Read more

DevOps and SecOps: The Perks of Collaboration

Source – csoonline.com A quick search on the term DevOps shines a very telling light on where people see the value in this practice. Some proponents see DevOps as a faster path to market. Some feel that DevOps encourages faster innovation. Others suggest that entire organizations can literally move faster by virtue of using DevOps for product development. And still others who even think DevOps is TOO fast. Clearly, it’s all about speed, baby. There’s nothing wrong with getting things done

Read more

5 Simple Strategies for Building Security Into Your DevOps Process

Source – veracode.com Securing any development framework – whether Waterfall, Agile or DevOps – requires changes of culture, process, and technology. But unlike the straightforward flow of Waterfall, where security comes at the end of the process, it’s less clear where security fits in Agile and DevOps. As Securosis analyst Adrian Lane points out, Agile development includes “whatever work gets done in a sprint and does not bend to security, so you need to bend security to fit Agile.” Likewise, moving from

Read more

12 ways to improve run-time container security

Source – computerworld.com.au There still really aren’t many enterprise run-time security tools for containers available, which has skewed the conversation toward establishing defensive barriers prior to run-time – during the build, integration, and deployment stage. Of course, with rapidly evolving technology like containers, it can be all too easy to overlook the most basic security concerns, so, really, any focus at all is welcome. Efforts pointing out the security advantages of digitally signing container images at build time, and scanning them

Read more

DevOps, Security, Hybrid IT: Priorities of successful IT pros

Source – enterprisersproject.com Consider how much the role of the IT professional has changed during the last 10 years.  As traditional, siloed IT roles — such as network administrators, storage administrators, systems administrators, and database administrators — continue to include new responsibilities, IT professionals can no longer get by as specialists. These days, they’re are expected to be implementing new technologies and trends, inlcuding containers, serverless architecture, and IoT, while working with cloud service providers. They’re acting as liaisons to business leaders. On top of all that,

Read more

DevSecOps: Paradigm shifts are messy, but someone’s got to take the lead

Source:- infoworld.com A perfect storm of factors brewing in the dev, ops, and security worlds have created a window of opportunity to embed security into the application delivery lifecycle, in a needle-moving kind of way. However, security teams need to be the ones driving the DevSecOps charge or that needle will barely wobble. Given how many security practitioners spend their days putting out fires, adding “DevSecOps evangelist” to their job description is more likely to elicit groans than spur the desire

Read more
1 2 3 4