By 2022, it's predicted that APIs will become the most frequently attacked enterprise web application vector. To fully realize a successful approach to development security operations (DevSecOps) for API security, creating an effective feedback loop between DevOps and SecOps teams is critical to getting a grasp on API security risks ...
DevSecOps
How does Kubernetes act as an OS for container-based apps? As an OS, Linux manages the resources needed by applications on a single computer. In Kubernetes, the challenge is managing the resources for many applications across many computers ...
Baking security into your software and apps from the beginning is more important than ever. Without security, your development lifecycle is open to bugs and vulnerabilities putting your organization and customers at risk. I asked several speakers and sponsors for the upcoming SKILup Day as well as several DevOps Institute Ambassadors to weigh in on the hottest DevSecOps trends. Here's what they shared ...
While DevSecOps practices are still evolving, there are many trends to keep an eye on. I asked several speakers and sponsors for the upcoming SKILup Day as well as several DevOps Institute Ambassadors to weigh in on the hottest DevSecOps trends. Here's what they shared ...
While industries like financial services, travel, and banking have faced and solved similar problems — most notably through APIs — healthcare lags behind. However, recent changes have unlocked the healthcare industry's ability to use APIs ...
Moving toward DevSecOps isn't necessarily an easy process. Organizations first need to adjust their culture to embrace security and define enterprise-wide application security policies and standards to be enabled through automation. Then, they can invest in the required integration of such techniques in the CI/CD processes, including the means to report on discovered issues as would happen for any other software defects. But what does this really mean? ...
Delivering clean and safe software is no longer an option for developers or the organizations they work for. Customers have little patience for buggy, error-prone apps and software that's rife with critical vulnerabilities. These sorts of quality and security issues can seriously hurt a company's brand reputation and negatively impact revenues ...
Static application security testing (SAST), which scans code to find vulnerabilities and bugs, is increasingly considered a best practice for detecting problems early in the development cycle. However, to gain broader adoption both within an organization and across the industry, SAST must overcome several barriers based on lingering perceptions. Let's look at these in more detail ...
If security teams cannot prioritize or secure their Kubernetes deployment, the entire cloud application stack and larger organization are at high risk. When not protected, attackers are able to take advantage of cluster settings and escalate privileges to gain full control, which can result in company breaches and the exploitation of private data. Cybersecurity teams should follow these steps to better protect their data stored in the cloud from attack ...
In 2020, while a pandemic raged and teams everywhere learned how to work remotely, something rather unexpected happened to DevOps: it grew up. Teams stopped talking about DevOps and simply started doing DevOps, bringing in "big guns" technologies, new ways of thinking, and making huge breakthroughs in everything from release times to automation, new technology adoption and code quality ...
The cyber security industry has seen massive growth over the past several decades, and all signs indicate that the industry is only going to continue its meteoric rise. Young professionals who are interested in IT and cyber security can have thriving careers in this fascinating field, including a stimulating job as a DevSecOps Engineer ...
The DevOps revolution of the past decade has been driven by an increasingly fast-moving world. Where once the release of new software and applications was an event that happened every few months, it's now a constant, ongoing process with new code rolled out continually. DevOps teams have embraced this challenge by breaking free of the traditional siloed approach, and owning more of the development cycle themselves, including quality testing, integration and deployment. However, there's a major component that DevOps is still failing to take responsibility for: security ...
Regardless of where your organization sits in the journey towards better application security (AppSec), the reality of what drives future success remains the same. From emerging to maturing to optimizing, all AppSec programs will eventually need to lock down the gold ring of security — otherwise known as visibility ...
Retail may never be the same as it was pre-COVID and the pace of digital transformation keeps pushing faster. Because of the major uptick in volume in ecommerce, retailers' digital presence needs to be responsive and secure. Web applications need to meet customer demands for speed and a simple interface, but with 43% of all breaches occurring as a result of a vulnerable application layer, the security of these applications is critical ...
While it may seem counterintuitive to add another component to developers' workloads, organizations can meet the needs of today's developers by prioritizing effective AppSec training. But what exactly makes AppSec training effective, and how does this differ from the traditional types of educational resources developers are currently exposed to? Let's explore ...
The increase in public cloud consumption means an inevitable growth in the volume of security alerts, notifications and events. And with no common protocol among cloud service providers for handling security events, cloud consumers are burdened with increased spending on tools, equipment and talent needed to maintain at least a minimum amount of security across their assets. Because of these alert disparities, the ONUG Collaborative is developing the Cloud Security Notification Framework, or CSNF, to provide consistency among providers ...
Organizations need to show agility in the face of ever-changing economic, social, governmental, regulatory, and technology disruptions. Today, in the near post-COVID world, we can work, learn, and socialize from anywhere. The enterprise boundary has been extended beyond the DMZ to the cloud and to your home. This means we can't have a network perimeter-centric view of security anymore; instead, we need to securely enable access for the various users regardless of their location, device, or network ...
There are several forces that are going to impact this field that we'll see in 2021. Let's get a peek into DevOps' future with an eye on some trends that have already shown up ...
There are two important considerations when adding security to an existing DevOps pipeline. The first is security in code, which means, when code is developed, the security of the code itself should be continuously reviewed and assessed. The second is security as code, in other words, security requirements need to be part of the process from the beginning. Let's look at both of these concepts in a bit more detail ...
In the quest to quickly deliver quality apps and services while providing a superior customer experience, DevOps is proving critical for modern enterprises, giving them the ability to adapt quickly to customer demand and cultural shifts, automate throughout the software delivery lifecycle (SDLC), and heighten security of the data and infrastructure vital to application development ...
We all wish we could build, deploy, and run our applications without the stress of security concerns. However, the reality is that most of us will run into serious security or compliance issues at one time or another. When that happens, an organization is likely to experience the frustration of delayed application deployments and stifled agility. Containers and Kubernetes promise faster development cycles, quicker bug fixes, and increased velocity, but when security is an afterthought, organizations risk the very gains that containerization promises, particularly agility ...
Developers today are faced with the hard reality that modernizing systems is more than simply moving technology to a new location. Rather, they are expected to be intimately familiar with a host of new-generation technologies while simultaneously managing existing legacy systems as they migrate to an infrastructure that is more responsive, predictive, and scalable. Looking ahead to 2021, let's review the trends surrounding the most challenging, yet promising, topics in infrastructure and operations: Kubernetes, site reliability engineering, security, and more ...
DEVOPSdigest asked DevOps and development experts from across the industry for their 2021 DevSecOps predictions ...
Leading large transformation efforts — that involve the creation of a Continuous Integration, Continuous Delivery pipeline and practice — requires knowledge of not only DevOps technology but also how to operationalize it and scale it. Although two-thirds of companies are undergoing transformation, 70% are still failing, equating to billions in losses. Although these losses are attributed to communication breakdown, there are more factors that contribute to failures that should not be overlooked ...