The intersection of DevOps and application security

Source – csoonline.com I’m sure you’ve seen the DevOps concept in development today. It focuses on bringing stability and reliability to corporate infrastructures and clouds. For example, many corporations have firewalls that protect the corporate infrastructure. DevOps would have any change to the firewall policy be versioned within a source code control system. This versioning is great because it enables a rollback to a stable version of the policy when a change goes awry. That improves reliability. Imagine DevOps being deployed

Read more

Resources for DevOps Pros to Learn About Security

Source:- threatstack.com These days, security should be part of everyone’s job. This is especially true for DevOps teams, which are responsible for developing, delivering, and maintaining critical applications for many organizations, and must therefore prioritize security as part of their role. But the world of security can seem like a bit of a mystery until you’ve been exposed to it. If you or someone on your team is looking to learn more about what it takes to run a secure

Read more

DevOps success factors: Culture, APIs and security

Source:- zdnet.com As little as a decade ago, software was shipped in a CD-ROM to a storefront, purchased, and likely abandoned after the user’s initial installation. Today, code is shipped via the internet, meaning that continuous software updates are not only achievable, but expected, whether it’s for desktop, mobile, or browser-based applications. In an age where competitive advantage requires fast time to market, high service levels, and relentless experimentation, enterprises that cannot continuously deliver improvements risk losing in the marketplace.

Read more

Three Lessons From Test-Driven Development

Source:- securityintelligence.com In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years later, his “Test-Driven Development: By Example” further elaborated on the need to reconsider the way software is planned, how teams operate and, most importantly, the way software is tested. To date, there are over 170 books on Amazon about test-driven development (TDD). For readers curious about the origins and evolution of the concept, the Agile Alliance posted

Read more

Five security trends to watch in virtualization in 2017

Source:- datacenterdynamics.com Virtual components and environments present a particular challenge when we talk about corporate cyber security. Here are the five trends I believe will define the field of virtualization in 2017: 1. Virtualization security is focusing on integration Considering security solutions for VDI and virtualized servers, I predict that enterprises will pay more attention to the smooth integration between various systems instead of the thorough examination of product features under a microscope. Security solutions that can be integrated into

Read more

7 best practices for securing your cloud service

Source:- networkworld.com As enterprises move their applications and data to the cloud, executives increasingly face the task of balancing the benefits of productivity gains against significant concerns about compliance and security. Security in the cloud is not the same as security in the corporate data center. Different rules and thinking apply when securing an infrastructure over which one has no real physical control. When leveraging cloud services, enterprises need to evaluate several key factors, including: Data encryption capabilities for both

Read more

Secure DevOps: A simple plan to deliver business value

Source:- techbeacon.com DevOps—the movement to break down silos, deliver software faster, and overall create a better experience for customers—is spreading from startups and experimenters to the enterprise. Many security team leads would cringe at the idea of faster development cycles in an IT department that has even less time and patience for standard security checks, but James Wickett, a senior DevOps engineer, sees not just opportunity, but necessity. “Traditional information security is going to die if we don’t respond to

Read more

Three Overlooked Lessons about Container Security

Source:- linux.com I’ve just joined container security specialists Aqua Security and spent a couple of days in Tel Aviv getting to know the team and the product. I’m sure I’m learning things that might be obvious to the seasoned security veteran, but perhaps aren’t so obvious to the rest of us! Here are three aspects I found interesting and hope you will too, even if you’ve never really thought about the security of your containerized deployment before: #1: Email Addresses

Read more

Secure Coding: The Rise of SecDevOps

Source:- databreachtoday.com For too long, ensuring that code is securely written – and bug free – has been a business afterthought. But there’s been new hope for building security into the development lifecycle, thanks to the rise of DevOps, aka rugged software, says Chris Wysopal, CTO of the application security firm Veracode. DevOps – a truncation of software development and IT operations – incorporates aspects of agile development, including short sprints – perhaps just two weeks in length – that

Read more

Docker Introduces Secrets Management

Source:- crn.com Docker’s latest update helps enterprise customers protect their secrets. An update released Thursday for Docker Datacenter, the container-tech pioneer’s commercial offering, implements a container-native framework for controlling access to sensitive information like API keys, encryption keys and passwords, along with a security scanning feature that can detect vulnerabilities and bugs. The new feature for managing access-control secrets, architected to facilitate large container deployments, can deliver those protected pieces of information to specific, authorized containers in a cluster. Secrets

Read more
1 2 3 4