Software Integrity

Archive for the 'DevOps' Category

 

Is threat modeling compatible with Agile and DevSecOps?

Bryan Sullivan, a Security Program Manager at Microsoft, called threat modeling a “cornerstone of the SDL” during a Black Hat Conference presentation. He calls it a ‘cornerstone’ because a properly executed threat model: Finds architectural and design flaws that are difficult or impossible to detect through other methods. Identifies the most ‘at-risk’ components. Helps stakeholders […]

Posted in Agile Methodology, Application Security, DevOps

Building your DevSecOps pipeline: 5 essential activities

No matter what you call it, SecDevOps, DevSecOps, or DevOpsSec, you have to build security into your continuous integration, continuous delivery, and continuous deployment pipeline. This checklist will guide you through the DevSecOps journey—as we’ll call it within this checklist—to assure that you’re integrating security into your pipeline. Here, we’re going to look at each of […]

Posted in Application Security, DevOps, Software Security Testing, Vulnerability Assessment

The countdown to codenomi-con USA 2017 is on!

Join the Synopsys team as we host the world’s most exclusive cybersecurity event at the House of Blues inside of Mandalay Bay in Las Vegas on Tuesday, July 25. In addition to an evening of networking and entertainment, our thought leadership program will include presentations on DevOps security, IoT, and building security into your SDLC. […]

Posted in DevOps, Internet of Things, Security Conference or Event, Software Development Life Cycle (SDLC)

How to build security into the DevOps life cycle

As a kid, I often traveled by train in India. I always wondered what would happen if I pulled the chain under the sign that read, “To Stop Train, Pull Chain.” My parents warned me that it would cost them a fortune to pay the fine and that I’d be taken away by the police. […]

Posted in Application Security, CI/CD, DevOps

Dan Geer explores the DevOps ‘Law of the Jungle’ dilemma

As humans have evolved over time, so has cybersecurity, but at an arguably faster rate. Just as nature weeds out evolutionary ideas through a concept known as survival of the fittest, so do various attackers on the internet by targeting the most vulnerable systems. The dilemma facing DevOps today is which evolutionary theory is the correct […]

Posted in DevOps

Learn to secure a cloud application in a single day

How can cloud applications build security in? This question may seem almost as limitless as the cloud itself. To get some answers, we sat down with John Roberts, Senior Security Consultant and resident Amazon Web Services (AWS) expert, to discuss Synopsys’ newest training opportunity. During our discussion, he puts the breadth of cloud security into perspective. […]

Posted in Cloud Security, DevOps, Security Training