In this article, we’ll take a look at five principles that should be followed when coding in Java in 2020. Ideally, these principles should be integrated into a DevSecOps process, in which security is built into development from the ground up, but they are equally useful for auditing legacy code.
Secure Software Development Lifecycle (Secure SDLC) is a key focus area for product engineering organizations. Adopting security as a part of the development process to reduce the risk of vulnerabilities and threats, leads to reduced security incidents and damages. This article presents an uncomplicated view of Secure SDLC for practitioners – Engineering leaders, Product Managers, and Process Leads.
Quantum computing might initially sound like a far-fetched futuristic idea, but companies such as Amazon, Google, and IBM are putting their weight behind it and preparations have begun. With quantum computing potentially within our reach, what will happen to our current security models and modern-day encryption? See what security experts are doing to prepare for quantum threats.
Where do you store your credentials and secrets? In .env files or in environment variables, or even worse, in config files? Are your primary AWS keys shared amongst developers? Do you still have SSH keys from former employees on your servers?
Keeping your data and identity secure is more important than ever in 2020, and as tech evolves, it has also become more complicated than ever. How will cybersecurity evolve? Phishing isn’t just limited to email anymore, and your car’s built-in tech might become the source of data theft. Keep yourself secure and learn about what security experts think is yet to come.
Cybersecurity doesn’t just apply to your personal devices, it also is one of the biggest roles in modern warfare and cannot be ignored. Cyberwarfare is far from a theoretical threat. History has shown that the value of gaining access to privileged information and disrupting systems for political gain is more than enough motive to generate action from independent hacktivists, nation-states, and private organizations.
The Internet was originally built without concerns for privacy, especially not the complicated security features required by today’s standards. It’s far too late to redesign the entire Internet, however, two blockchain projects offer potential security solutions. Blockchain’s capabilities of serving as a decentralized payment system could be the secret for the future of internet security.
Since DevSecOps is such a prominent topic as we move into 2020 that we decided to ask five experts their opinions on the subject of security roles being integrated into DevOps. In this second part of our panel series we ask three questions: Where are applications most vulnerable? What are the best security practices? What tools do they recommend? Here’s what they had to say.
Since DevSecOps is such a prominent topic as we move into 2020 that we decided to ask five experts their opinions on the subject of security roles being integrated into DevOps. In this first part of our panel series we ask two questions: What is DevSecOps? Where is it easy and where is it difficult to keep an eye on security? Here’s what our experts had to say.
Working with Terraform infrastructure-as-code can sometimes be a bit of a headache when it comes to tracking security misconfigurations and compliance violations, but now Fugue has open sourced their Regula tool to assist engineers with maintaining vigilance. Let’s take a closer look.
In order to keep up with consumer demands and increased market competition, businesses know that speedy deployment is crucial and is one of the key components of DevOps metrics. You have to keep releasing new, responsive updates. DevSecOps can help promote faster deployment times and enhance security.
Organizations continue moving to the cloud, and they show no sign of slowing down. However, many IT and security professionals have reservations about security when it comes to the cloud. In this article, Roberto Garcia discusses how automation helps minimize risks resulting from human error and protect against common security mistakes when migrating to the cloud.
The past decade saw a number of massive data breaches from well-known companies such as Target, Yahoo, and Equifax. In the coming years, companies will need to find better ways to protect their data and ensure customer privacy. This article dives into some of the adjustments that we can expect to see in the next few years.
Identity theft rose to the top of crimes reported by US customers and it continues to affect thousands of people. ID theft, unauthorized payments, and even blackmail is possible with the information that hackers steal every year. Is artificial intelligence the solution that we need to protect our sensitive information on a global scale? New technologies such as DeepCode may reduce ID theft.