DevOps requires automation and testing to ensure application security

Source – techproresearch.com DevOps is known for continuous delivery and rapid iteration – almost the exact opposite of enterprise security, which can be seen as slow-moving and overly cautious. As more companies move toward DevOps as a means of delivering and maintaining applications, security becomes critical to plug gaps and prevent data breaches–especially in the continuous delivery pipeline, which can introduce more holes for hackers to wriggle into. Experts advise carefully designing the delivery pipeline and testing everything as thoroughly as

Application Security Report Calls Out Problems in Mobile, IoT Devices and DevOps

Source – securityintelligence.com Vulnerabilities in mobile backends, web interfaces to the Internet of Things (IoT) and negligent DevOps practitioners are among the fastest growing application security threats, according to a report released at the InfoSecurity Europe conference in London this week. What’s the Problem? Research from High-Tech Bridge, a Swiss company that also operates in the U.S., said 83 percent of web service and application programming interfaces (APIs) used in apps for retail, banking and other markets could fall prey to

May 15, 2017 bestdevops DevOps, DevOps Best Practices Leave a comment

Before You Outsource Code Development – Think About the Security Implications

Source – veracode.com Police in the Netherlands recently contacted more than 20,000 people who they suspect had their personal data stolen by a malicious web developer. This developer had built “backdoors” into applications he created for various businesses as a contractor. With the information he stole, it is alleged that he made online purchases, opened gambling accounts and impersonated victims’ family members. Outsourcing application development allows organizations to realize cost savings and provides the flexibility necessary to scale. However, as

May 3, 2017 bestdevops DevOps, DevOps Process, DevOps Updates Leave a comment

DevSecOps: Paradigm shifts are messy, but someone’s got to take the lead

Source:- infoworld.com A perfect storm of factors brewing in the dev, ops, and security worlds have created a window of opportunity to embed security into the application delivery lifecycle, in a needle-moving kind of way. However, security teams need to be the ones driving the DevSecOps charge or that needle will barely wobble. Given how many security practitioners spend their days putting out fires, adding “DevSecOps evangelist” to their job description is more likely to elicit groans than spur the desire

April 24, 2017 bestdevops DevOps, DevOps Best Practices, Test Driven Development Leave a comment

Advantages of Interactive Application Security Testing (IAST) over Static and Dynamic Testing

Source – contrastsecurity.com Interactive Application Security Testing (IAST) works in fundamentally different ways than static or dynamic tools using instrumentation technology. IAST leverages information from inside the running application, including runtime requests, data flow, control flow, libraries, and connections, to find vulnerabilities accurately. Because of this, interactive testing works better for application security. That’s why we created Contrast — to utilize next-generation technology to solve the growing problems inside the application security field. Because of this, interactive testing works better for application security. That’s

April 20, 2017 bestdevops DevOps, IT trends, Software Leave a comment

The intersection of DevOps and application security

Source – csoonline.com I’m sure you’ve seen the DevOps concept in development today. It focuses on bringing stability and reliability to corporate infrastructures and clouds. For example, many corporations have firewalls that protect the corporate infrastructure. DevOps would have any change to the firewall policy be versioned within a source code control system. This versioning is great because it enables a rollback to a stable version of the policy when a change goes awry. That improves reliability. Imagine DevOps being deployed

April 8, 2017 bestdevops DevOps, DevOps Best Practices, DevOps Updates Leave a comment

Resources for DevOps Pros to Learn About Security

Source:- threatstack.com These days, security should be part of everyone’s job. This is especially true for DevOps teams, which are responsible for developing, delivering, and maintaining critical applications for many organizations, and must therefore prioritize security as part of their role. But the world of security can seem like a bit of a mystery until you’ve been exposed to it. If you or someone on your team is looking to learn more about what it takes to run a secure

April 6, 2017 bestdevops DevOps, DevOps Best Practices, DevOps Process Leave a comment

Totally automatic: Improve DevOps and security in three key steps

Source:- techtarget.com Concerned about DevOps security? Learn three key steps to embedding security into the software development process, including how to improve automation. The goal of DevOps is to engage the development and operations teams simultaneously throughout the software development lifecycle. That means both during the code’s initial development and whenever developers modify or update it. No matter what the stage, it’s essential to maintain security and compliance by building them in at the outset. Here’s the good news: There’s

March 28, 2017 bestdevops DevOps, IT trends, Test Driven Development Leave a comment

Three Lessons From Test-Driven Development

Source:- securityintelligence.com In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years later, his “Test-Driven Development: By Example” further elaborated on the need to reconsider the way software is planned, how teams operate and, most importantly, the way software is tested. To date, there are over 170 books on Amazon about test-driven development (TDD). For readers curious about the origins and evolution of the concept, the Agile Alliance posted

March 1, 2017 bestdevops DevOps, DevOps Process, Test Driven DevOps Leave a comment

How to make mobile app security testing automation a DevOps reality

Source:- nowsecure.com Eighty-one percent of enterprises and 70 percent of small-to-medium businesses have adopted DevOps according to the RightScale 2016 State of the Cloud Report.1 In comparison, only 29 percent of mobile apps, on average, undergo vulnerability testing according to the 2017 Study on Mobile IoT Application Security conducted by Ponemon Institute.2 I think the gap between these two statistics can be reduced with some minor effort. The purpose of this article is to explain how to make mobile app security

February 25, 2017 bestdevops DevOps, DevOps Best Practices Leave a comment

Six Tips for Using DevOps to Combat Security Vulnerabilities

Source:- samsung.com Growing requirements from stakeholders for rapid app deployment means more businesses need to explore DevOps to ensure collaboration between their development and operations teams during the development life-cycle. In a recent BMC/Forbes security survey, 60 percent of executives said their IT and security teams “have only a general or a little understanding of each other’s requirements.” Additionally, the report revealed that these two groups often have goals that are out of sync. Such complications lead to companies taking

February 10, 2017 bestdevops DevOps, DevOps Best Practices, DevOps Events Leave a comment

Secure Coding: The Rise of SecDevOps

Source:- databreachtoday.com For too long, ensuring that code is securely written – and bug free – has been a business afterthought. But there’s been new hope for building security into the development lifecycle, thanks to the rise of DevOps, aka rugged software, says Chris Wysopal, CTO of the application security firm Veracode. DevOps – a truncation of software development and IT operations – incorporates aspects of agile development, including short sprints – perhaps just two weeks in length – that

« 1 2