Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. One way they are achieving these efficiencies is through automation.
Automation in DevOps
By automating manual processes and building tools into continuous integration and continuous delivery (CI/CD) pipelines, development and operations teams have increased workflow efficiencies and trust between groups, which is essential as these once-disparate teams now merge to tackle critical issues as a single new team. We see the use and expansion of automation in the integration of tools such as GitLab for version control, Jenkins for CI, Jira for defect tracking, and Docker for container integration within toolchains. These tools work together to create a cohesive automated environment designed to allow organizations to focus on delivering higher-quality innovation faster to the market.
Automation in DevSecOps
Organizations are also realizing there is value in applying and sharing the value of automation by incorporating security principles earlier in the software development life cycle (SDLC). This creates shorter feedback loops and decreases friction, which allows engineers to detect and fix security and compliance issues faster and more naturally as part of software development workflows.
Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM) | Comments Off on Automation: One of the keys to DevSecOps
In our on-demand webinar with Brendan Sheairs (Synopsys), you’ll learn about the fundamentals and challenges of building a Security Champions program to transform DevOps into DevSecOps.
Posted in Agile, CI/CD & DevOps, General, Security Training, Webinars | Comments Off on Webinar: Using Security Champions to build a DevSecOps culture within your organization
In the era of agile development and outsourcing, implementing a secure software development life cycle (SSDLC) is critical. However, it may not help you achieve the level of risk mitigation you desire. You may need to extend your software security approach to provide an additional layer of protection for applications once they have been deployed. That’s where runtime application self-protection comes in.
Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security | Comments Off on How RASP complements application security testing to minimize risk
What is runtime application self-protection?
According to Gartner, runtime application self-protection is “a security technology that is built on or linked into an application runtime environment, and is capable of controlling application execution, and detecting and preventing real-time attacks.”
Posted in Web Application Security | Comments Off on The what, why, and who of runtime application self-protection (RASP)
Here are 7 key considerations to securely transition your apps to the cloud: cloud configuration, IAM, microservices, automation, microsegmentation, APIs, and DevSecOps. Written in coordination with Ugochukwu Enyioha.
Posted in Agile, CI/CD & DevOps, Cloud Security | Comments Off on 7 things to consider when transitioning your applications to the cloud