Software Integrity

Archive for the 'Agile Methodology' Category

 

7 things to consider when transitioning your applications to the Cloud

Written in coordination with Ugochukwu Enyioha

Organizations are moving their applications to the Cloud (or using the Cloud as a starting point for application development) at an astonishing rate. According to Forbes, 73% of companies are planning to move to a fully software-defined data center within 2 years. The shift is motivated by three primary […]

Posted in Agile Methodology, Cloud Security, DevOps

It’s time to enlist Security Champions to fuel Agile development

A 2015 Gartner report estimated that 25% of Global 2000 organizations would be using DevOps and Agile development practices as part of their mainstream strategies by the close of 2016. Our experience with Synopsys customers confirms this prediction has come true. In Agile development, passes through the software development life cycle (SDLC) occur more often […]

Posted in Agile Methodology, Application Security

Accelerate your agile security strategy

“In the face of more rapid iterative and agile design and development efforts, the time required becomes even more precious. It’s not hard to understand why even the most well-intentioned manager will make the pragmatic decision to skip the effort, or pay it lip service.” -Gartner

Testing tools help meet the challenges

Automation is […]

Posted in Agile Methodology, Application Security, Infographic

Webinar: Update your AppSec strategy to run effectively in a DevOps world

DevOps enables you to release features and bug remediation efforts faster than ever before through Agile methodologies, CI/CD processes, and open source tools. While traditional security activities have trouble keeping pace with DevOps, it’s also critical not to let security fall behind. Is security tripping you up? As the DevOps revolution continues to advance, security […]

Posted in Agile Methodology, CI/CD, DevOps, Security Training

Is threat modeling compatible with Agile and DevSecOps?

Bryan Sullivan, a Security Program Manager at Microsoft, called threat modeling a “cornerstone of the SDL” during a Black Hat Conference presentation. He calls it a ‘cornerstone’ because a properly executed threat model:

- Finds architectural and design flaws that are difficult or impossible to detect through other methods.
- Identifies the most ‘at-risk’ components.
- Helps stakeholders […]

Posted in Agile Methodology, Application Security, DevOps

Agile development for application security managers

In today’s competitive business environment, it is more important than ever to develop applications not only accurately but quickly. The traditional “waterfall” method is effective, but requires so many steps that the process cannot keep up with today’s software development needs. Agile is a development methodology that speeds up software development dramatically, along with several […]

Posted in Agile Methodology, Application Security

A spell check equivalent for building security in

Originally posted on SecurityWeek

I can honestly say that spell check is the reason I now know how to spell “separate.” It only took about 20 years of patient and faithful repetition from Microsoft Word. The concept of spell check is intriguing when considered in the context of security. There is a significant benefit to […]

Posted in Agile Methodology, Security Training, Static Analysis (SAST)

How does Agile overcome common software security challenges?

Paradoxically, security is a negative goal. To secure something, you must understand how insecure it is. Start by trying to break it or by figuring out how other people might break it. The same is true of software. For example, a simple user input field on a mobile or web app may require the user to […]

Posted in Agile Methodology, Software Development Life Cycle (SDLC), Software Security Testing

Are your applications really protected? It’s all about the pivot

Originally posted on SecurityWeek

Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance. To a hacker, this means avoiding the most protected way to an asset. They know that no one can simply walk into the room […]

Posted in Agile Methodology, Application Security, Network Security, Software Security Testing

How secure software development works in the real world

Pure Agile and pure Waterfall don’t occur in the real world. Instead, software development takes place on a spectrum. There are infinite variations and most real world software teams incorporate elements of Waterfall, Agile, and other methodologies into their SDLC. Software life cycles are as unique and varied as the organizations they serve. At each […]

Posted in Agile Methodology, Software Development Life Cycle (SDLC), Software Security Testing