Security and the Twelve-Factor App - Step 9
A blog series by WhiteHat Security
July 15, 2019

Eric Sheridan
WhiteHat Security

In the previous chapter of this WhiteHat Security series, the Twelve-Factor App recommended scaling out via the process model discussed in Step 8, and included advice from the WhiteHat team on what to apply from a security point of view.

Step 9 of the Twelve-Factor App discusses disposability, which means that apps built using the twelve-factor methodology can be started or stopped at a moment's notice.

Start with Security and the Twelve-Factor App - Step 1
Start with Security and the Twelve-Factor App - Step 2
Start with Security and the Twelve-Factor App - Step 3
Start with Security and the Twelve-Factor App - Step 4
Start with Security and the Twelve-Factor App - Step 5
Start with Security and the Twelve-Factor App - Step 6
Start with Security and the Twelve-Factor App - Step 7
Start with Security and the Twelve-Factor App - Step 8

In the previous blog of this WhiteHat Security series, the Twelve-Factor App recommended scaling out via the process model discussed in Step 7, and included advice on what to apply from a security point of view.

Step 9 of the Twelve-Factor App discusses disposability, which means that apps built using the twelve-factor methodology can be started or stopped at a moment's notice.

Defining Disposability in the Twelve-Factor App

The ninth factor suggests maximizing robustness with fast startup and a graceful shutdown. This step focuses on getting code and app deployments quickly out of the starting blocks and functioning immediately. Likewise your application also needs to be strong against crashing, and if does crash, it needs to be able to restart cleanly.

The advantage with disposability in Twelve-Factor apps is that it supports fast elastic scaling, rapid deployment of code or configuration changes, and robustness of production deploys.

Applying Security to Step 9

An important factor to remember with disposability is to apply signatures and expirations to limit the life of derived security assertions. If for example the code is written without an expiration, and it's intercepted over the wire, that token can easily be re-used, something that you don't want to happen.

Read Security and the Twelve-Factor App - Step 10

Eric Sheridan is Chief Scientist at WhiteHat Security
Share this

Related Links

www.whitehatsec.com
www.12factor.net
Security and the Twelve-Factor App - Step 1

Industry News

Postman Launches AI Agent Builder
January 22, 2025

Postman announced the Postman AI Agent Builder, a suite empowering developers to quickly design, test, and deploy intelligent agents by combining LLMs, APIs, and workflows into a unified solution.

CNCF Announces CubeFS Graduation
January 22, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of CubeFS.

BrowserStack Partners with Bitrise on Mobile App Testing
January 21, 2025

BrowserStack and Bitrise announced a strategic partnership to revolutionize mobile app quality assurance.

Render Raises $80M Series C Funding
January 21, 2025

Render raised $80M in Series C funding.

Mendix 10.18 Released
January 16, 2025

Mendix, a Siemens business, announced the general availability of Mendix 10.18.

Red Hat OpenShift Virtualization Engine Released
January 16, 2025

Red Hat announced the general availability of Red Hat OpenShift Virtualization Engine, a new edition of Red Hat OpenShift that provides a dedicated way for organizations to access the proven virtualization functionality already available within Red Hat OpenShift.

Contrast Security Releases Application Vulnerability Monitoring
January 16, 2025

Contrast Security announced the release of Application Vulnerability Monitoring (AVM), a new capability of Application Detection and Response (ADR).

Red Hat Connectivity Link Released
January 15, 2025

Red Hat announced the general availability of Red Hat Connectivity Link, a hybrid multicloud application connectivity solution that provides a modern approach to connecting disparate applications and infrastructure.

Appfire Brings 7pace Timetracker to the Atlassian Marketplace
January 15, 2025

Appfire announced 7pace Timetracker for Jira is live in the Atlassian Marketplace.

SmartBear Introduces AI-Driven Hubs
January 14, 2025

SmartBear announced the availability of SmartBear API Hub featuring HaloAI, an advanced AI-driven capability being introduced across SmartBear's product portfolio, and SmartBear Insight Hub.

Azul Announces Java Solutions to Help Financial Institutions Meet DORA Requirements
January 14, 2025

Azul announced that the integrated risk management practices for its OpenJDK solutions fully support the stability, resilience and integrity requirements in meeting the European Union’s Digital Operational Resilience Act (DORA) provisions.

OpsVerse Launches Aiden 2.0
January 14, 2025

OpsVerse announced a significantly enhanced DevOps copilot, Aiden 2.0.

Progress Once Again Honored as a Top Place to Work and Socially Responsible Organization by Prestigious Publications
January 13, 2025

Progress received multiple awards from prestigious organizations for its inclusive workplace, culture and focus on corporate social responsibility (CSR).

Red Hat Completes Acquisition of Neural Magic
January 13, 2025

Red Hat has completed its acquisition of Neural Magic, a provider of software and algorithms that accelerate generative AI (gen AI) inference workloads.

Code Intelligence Launches Spark
January 13, 2025

Code Intelligence announced the launch of Spark, an AI test agent that autonomously identifies bugs in unknown code without human interaction.

More Industry News