Security and the Twelve-Factor App - Step 12
A blog series by WhiteHat Security
November 04, 2019

Eric Sheridan
WhiteHat Security

The final chapter of this blog series looks at Factor 12, Admin Processes, and shares security-focused advice for this step that developers and ops engineers can follow during the SaaS build and operations stages.

Start with Security and the Twelve-Factor App - Step 1
Start with Security and the Twelve-Factor App - Step 2
Start with Security and the Twelve-Factor App - Step 3
Start with Security and the Twelve-Factor App - Step 4
Start with Security and the Twelve-Factor App - Step 5
Start with Security and the Twelve-Factor App - Step 6
Start with Security and the Twelve-Factor App - Step 7
Start with Security and the Twelve-Factor App - Step 8
Start with Security and the Twelve-Factor App - Step 9
Start with Security and the Twelve-Factor App - Step 10
Start with Security and the Twelve-Factor App - Step 11

Defining Admin Processes in the Twelve-Factor App

The final and twelfth factor focuses on admin processes and running admin/management tasks as one-off processes.

By this, 12.factor.net means that “one-off admin processes should be run in an identical environment as the regular long-running processes of the app. They run against a release, using the same codebase and config as any process run against that release. Admin code must ship with application code to avoid synchronization issues.”

Applying Security to Step 12

From a security standpoint, admin processes must be subject to the same security scrutiny as prescribed for factors I to XI. Incorporate one-off admin processes as part of product discussions and understand the security risks associated with one-off admin processes.

Eric Sheridan is Chief Scientist at WhiteHat Security
Share this

Related Links

www.whitehatsec.com(link is external)
www.12factor.net(link is external)
Security and the Twelve-Factor App - Step 1

Industry News

Sonatype Expands Support for Rust
March 31, 2025

Sonatype expanded support for software development in Rust via the Cargo registry to the entire Sonatype product suite.

CloudBolt Acquires StormForge
March 31, 2025

CloudBolt Software announced its acquisition of StormForge, a provider of machine learning-powered Kubernetes resource optimization.

k0rdent Announces 19 Validated Infrastructure and Software Integrations
March 31, 2025

Mirantis announced the k0rdent Application Catalog – with 19 validated infrastructure and software integrations that empower platform engineers to accelerate the delivery of cloud-native and AI workloads wherever the\y need to be deployed.

Traefik API Management Now Available on Oracle Cloud Marketplace
March 31, 2025

Traefik Labs announced its Kubernetes-native API Management product suite is now available on the Oracle Cloud Marketplace.

webAI and MacStadium Announce Partnership to Power World's Largest AI Models with Apple Silicon
March 27, 2025

webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.

Akamai Supports kernel.org
March 27, 2025

Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.

Komodor Announces New Capabilities for Automating Kubernetes Drift Management
March 27, 2025

Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.

Red Hat OpenShift AI 2.18 and Red Hat Enterprise Linux AI 1.4 Released
March 26, 2025

Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.

CloudCasa by Catalogic Announces Latest Release
March 26, 2025

CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.

BrowserStack Launches Private Devices
March 26, 2025

BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.

Chainguard Libraries Released in Beta
March 25, 2025

Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.

Cloudelligent Achieves AWS DevOps Competency Status
March 25, 2025

Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.

Platform9 Launches Partner Program
March 25, 2025

Platform9 formally launched the Platform9 Partner Program.

Cosmonic Launches Cosmonic Control
March 24, 2025

Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.

Oracle and Microsoft Add New Services to Oracle Database@Azure
March 20, 2025

Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).

More Industry News