Since DevSecOps is such a prominent topic as we move into 2020 that we decided to ask five experts their opinions on the subject of security roles being integrated into DevOps. In this second part of our panel series we ask three questions: Where are applications most vulnerable? What are the best security practices? What tools do they recommend? Here’s what they had to say.
Since DevSecOps is such a prominent topic as we move into 2020 that we decided to ask five experts their opinions on the subject of security roles being integrated into DevOps. In this first part of our panel series we ask two questions: What is DevSecOps? Where is it easy and where is it difficult to keep an eye on security? Here’s what our experts had to say.
Working with Terraform infrastructure-as-code can sometimes be a bit of a headache when it comes to tracking security misconfigurations and compliance violations, but now Fugue has open sourced their Regula tool to assist engineers with maintaining vigilance. Let’s take a closer look.
In order to keep up with consumer demands and increased market competition, businesses know that speedy deployment is crucial and is one of the key components of DevOps metrics. You have to keep releasing new, responsive updates. DevSecOps can help promote faster deployment times and enhance security.
Organizations continue moving to the cloud, and they show no sign of slowing down. However, many IT and security professionals have reservations about security when it comes to the cloud. In this article, Roberto Garcia discusses how automation helps minimize risks resulting from human error and protect against common security mistakes when migrating to the cloud.
The past decade saw a number of massive data breaches from well-known companies such as Target, Yahoo, and Equifax. In the coming years, companies will need to find better ways to protect their data and ensure customer privacy. This article dives into some of the adjustments that we can expect to see in the next few years.
Identity theft rose to the top of crimes reported by US customers and it continues to affect thousands of people. ID theft, unauthorized payments, and even blackmail is possible with the information that hackers steal every year. Is artificial intelligence the solution that we need to protect our sensitive information on a global scale? New technologies such as DeepCode may reduce ID theft.
If you’re like me, you’ve spent the last several weeks reviewing the vast number of predictions industry players have been making in and around the software development space. One that I don’t think has received enough coverage is the exciting prospect that browser vendors will eventually start adding mechanisms to secure localStorage, a JavaScript accessible storage technology commonly, but dangerously, used to store critical data such as authentication tokens. While it’s unlikely we’ll see browsers implement any improvements in 2020, the sad reality is that we’re likely to see attacks that necessitate a response.
Open source tools have taken center stage in the DevOps toolchain. As organizations become increasingly dependent on open source tools, the risks that affect these tools is transferred to these organizations. To mitigate this risk, it is essential for organizations to practice continuous monitoring of open source tools. Let’s look at the various layers in an open source stack, and identify key points of concern that need monitoring.
Companies, search engines, and even the gadgets we use, collect information on our details and preferences, seemingly to improve their services. As such, there’s a certain level of protection information requires. However, can data privacy truly coexist with data intelligence?
VPN services still use concepts based on software from the mid-1990s. However, zero-trust network access (ZTNA) reflects modern security sensibilities. A network designed to conform to ZTNA standards represents a complete rethinking of how network security functions. Unlike a VPN, ZTNA networks treat all users, internal or external, the same.
How can you identify security engineering for the end state of your project? A product manager needs to answer the following questions: – What is the right security engineering end state for me? What is the minimum? When should I stop? This article explores security engineering, investing in security compliance, and the journey to reaching maturity.
Did you know: Almost 40 percent of small businesses never reopen following a natural disaster. All businesses, large and small, should have a data recovery plan in case disaster hits, whether that disaster is a flood or accidentally deleting critical code. Here’s what to anticipate when disaster strikes, and how to start preparing a solid recovery plan.
Make no mistake, all software has bugs; the industry standard ranges from 15 to 50 errors per 1,000 of code. Code review and bug bounty programs cannot find all of them. For better security against vulnerabilities, companies should add a layer of protection with app shielding. App shielding is an approach to application security using a three-pronged approach.
