Security and the Twelve-Factor App - Step 9
A blog series by WhiteHat Security
July 15, 2019

Eric Sheridan
WhiteHat Security

In the previous chapter of this WhiteHat Security series, the Twelve-Factor App recommended scaling out via the process model discussed in Step 8, and included advice from the WhiteHat team on what to apply from a security point of view.

Step 9 of the Twelve-Factor App discusses disposability, which means that apps built using the twelve-factor methodology can be started or stopped at a moment's notice.

Start with Security and the Twelve-Factor App - Step 1
Start with Security and the Twelve-Factor App - Step 2
Start with Security and the Twelve-Factor App - Step 3
Start with Security and the Twelve-Factor App - Step 4
Start with Security and the Twelve-Factor App - Step 5
Start with Security and the Twelve-Factor App - Step 6
Start with Security and the Twelve-Factor App - Step 7
Start with Security and the Twelve-Factor App - Step 8

In the previous blog of this WhiteHat Security series, the Twelve-Factor App recommended scaling out via the process model discussed in Step 7, and included advice on what to apply from a security point of view.

Step 9 of the Twelve-Factor App discusses disposability, which means that apps built using the twelve-factor methodology can be started or stopped at a moment's notice.

Defining Disposability in the Twelve-Factor App

The ninth factor suggests maximizing robustness with fast startup and a graceful shutdown. This step focuses on getting code and app deployments quickly out of the starting blocks and functioning immediately. Likewise your application also needs to be strong against crashing, and if does crash, it needs to be able to restart cleanly.

The advantage with disposability in Twelve-Factor apps is that it supports fast elastic scaling, rapid deployment of code or configuration changes, and robustness of production deploys.

Applying Security to Step 9

An important factor to remember with disposability is to apply signatures and expirations to limit the life of derived security assertions. If for example the code is written without an expiration, and it's intercepted over the wire, that token can easily be re-used, something that you don't want to happen.

Read Security and the Twelve-Factor App - Step 10

Eric Sheridan is Chief Scientist at WhiteHat Security
Share this

Related Links

www.whitehatsec.com(link is external)
www.12factor.net(link is external)
Security and the Twelve-Factor App - Step 1

Industry News

StackGen Platform Now Live on Google Cloud Marketplace
April 03, 2025

StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.

Tricentis Launches Cloud-Based Test Data Capabilities for Tosca
April 03, 2025

Tricentis announced its spring release of new cloud capabilities for the company’s AI-powered, model-based test automation solution, Tricentis Tosca.

Lucid Software Acquires airfocus
April 03, 2025

Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.

AutonomyAI Emerges from Stealth
April 03, 2025

AutonomyAI announced its launch from stealth with $4 million in pre-seed funding.

Kong AI Gateway 3.10 Released
April 02, 2025

Kong announced the launch of the latest version of Kong AI Gateway, which introduces new features to provide the AI security and governance guardrails needed to make GenAI and Agentic AI production-ready.

Traefik Labs EnhancesAI Gateway
April 02, 2025

Traefik Labs announced significant enhancements to its AI Gateway platform along with new developer tools designed to streamline enterprise AI adoption and API development.

Zencoder Releases New AI Coding and Unit Testing Agents
April 02, 2025

Zencoder released its next-generation AI coding and unit testing agents, designed to accelerate software development for professional engineers.

Windsurf and Netlify Launch AI IDE-Native Deployment Integration
April 02, 2025

Windsurf (formerly Codeium) and Netlify announced a new technology partnership that brings seamless, one-click deployment directly into the developer's integrated development environment (IDE.)

Opsera Raises $20M in Series B Funding
April 02, 2025

Opsera raised $20M in Series B funding.

CNCF Updates Certification Offerings
April 02, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, is making significant updates to its certification offerings.

CNCF Launches Golden Kubestronaut Program
April 01, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the Golden Kubestronaut program, a distinguished recognition for professionals who have demonstrated the highest level of expertise in Kubernetes, cloud native technologies, and Linux administration.

Red Hat Developer Hub 1.5 Released
April 01, 2025

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade internal developer portal based on the Backstage project.

Platform9 Releases Free Community Edition
April 01, 2025

Platform9 announced that Private Cloud Director Community Edition is generally available.

Sonatype Expands Support for Rust
March 31, 2025

Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.

CloudBolt Acquires StormForge
March 31, 2025

CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.

More Industry News