
#security

Putting the "Sec" in DevSecOps – Part 2

DevSecOps Panel – Best DevOps Security Practices & Best Tools

DevSecOps is such a prominent topic as we move into 2020 that we decided to ask five experts their opinions on the subject of security roles being integrated into DevOps. In this second part of our panel series we ask three questions: Where are applications most vulnerable? What are the best security practices? What tools do they recommend? Here’s what they had to say.

Putting the "Sec" in DevSecOps – Part 1

DevSecOps Panel – What Is DevSecOps & DevOps Security Challenges

DevSecOps is such a prominent topic as we move into 2020 that we decided to ask five experts their opinions on the subject of security roles being integrated into DevOps. In this first part of our panel series we ask two questions: What is DevSecOps? Where is it easy and where is it difficult to keep an eye on security? Here’s what our experts had to say.

Secure cloud network architectures

How automation mitigates security concerns surrounding cloud migrations

Organizations continue moving to the cloud, and they show no sign of slowing down. However, many IT and security professionals have reservations about security when it comes to the cloud. In this article, Roberto Garcia discusses how automation helps minimize risks resulting from human error and protect against common security mistakes when migrating to the cloud.

The future of responsible data

Data protection in 2020, only the responsible will survive

The past decade saw a number of massive data breaches from well-known companies such as Target, Yahoo, and Equifax. In the coming years, companies will need to find better ways to protect their data and ensure customer privacy. This article dives into some of the adjustments that we can expect to see in the next few years.

Protecting our data

How AI has the power to save the world from identity theft

Identity theft rose to the top of crimes reported by US customers and it continues to affect thousands of people. ID theft, unauthorized payments, and even blackmail are possible with the information that hackers steal every year. Is artificial intelligence the solution that we need to protect our sensitive information on a global scale? New technologies such as DeepCode may reduce ID theft.

2020 predictions on securing APIs

Ahead in 2020: Preparing for new mechanisms that will help secure APIs

If you’re like me, you’ve spent the last several weeks reviewing the vast number of predictions industry players have been making in and around the software development space. One that I don’t think has received enough coverage is the exciting prospect that browser vendors will eventually start adding mechanisms to secure localStorage, a JavaScript-accessible storage technology commonly, but dangerously, used to store critical data such as authentication tokens. While it’s unlikely we’ll see browsers implement any improvements in 2020, the sad reality is that we’re likely to see attacks that necessitate a response.

Exercising caution

6 places to continuously monitor for open source vulnerabilities

Open source tools have taken center stage in the DevOps toolchain. As organizations become increasingly dependent on open source tools, the risks that affect these tools are transferred to these organizations. To mitigate this risk, it is essential for organizations to practice continuous monitoring of open source tools. Let’s look at the various layers in an open source stack, and identify key points of concern that need monitoring.

Upgrading remote access to the modern era

How ZTNA and SDP are becoming the gold standard in secure remote access

VPN services still use concepts based on software from the mid-1990s. However, zero-trust network access (ZTNA) reflects modern security sensibilities. A network designed to conform to ZTNA standards represents a complete rethinking of how network security functions. Unlike a VPN, a ZTNA network treats all users, internal or external, the same.

Guiding product managers

Security engineering: Glide path for software products

How can you identify security engineering for the end state of your project? A product manager needs to answer the following questions: What is the right security engineering end state for me? What is the minimum? When should I stop? This article explores security engineering, investing in security compliance, and the journey to reaching maturity.

Making a disaster recovery plan

Data recovery: What matters when disaster hits

Did you know that almost 40 percent of small businesses never reopen following a natural disaster? All businesses, large and small, should have a data recovery plan in case disaster hits, whether that disaster is a flood or accidentally deleting critical code. Here’s what to anticipate when disaster strikes, and how to start preparing a solid recovery plan.

Fortifying mobile apps

App shielding vs. bug bounty programs: In pursuit of fortified mobile applications

Make no mistake, all software has bugs; the industry standard ranges from 15 to 50 errors per 1,000 lines of code. Code review and bug bounty programs cannot find all of them. For better security against vulnerabilities, companies should add a layer of protection with app shielding. App shielding takes a three-pronged approach to application security.