Integrating Threat Modeling into Agile Development

Adopting agile in your program comes with inherent benefits around transparency and delivery, but it also often requires changes to other business practices to align with a more iterative way of developing software. Threat modeling helps you determine where to focus your security testing efforts when building your app, so it’s a useful practice. But one […]

Read more
Making Security a First Class Citizen in DevOps

I recently had the opportunity to do a web seminar with Jeff Payne about using open source tools for DevSecOps. In our discussion, I made the point that the goal of DevSecOps is to make application security a first-class citizen in the DevOps process. Making application security a first-class citizen improves the quality of your […]

Read more
Why Software Testing is Key to DevOps
Testing

One of the major reasons organizations adopt DevOps practices is to accelerate delivery of software to production. This includes deploying more frequently and reducing lead time. However, many organizations fail to include quality components in their practices. This leads to organizations delivering code faster, but unfortunately, that code is just poor. Continuous deployment without quality […]

Read more
DevSecOps: Incorporate Security into DevOps to Reduce Software Risk

By now, most organizations have heard of DevOps, and many have begun to adopt DevOps practices as a key enabler of software delivery. Organizations that employ an agile approach find DevOps practices a natural extension, and DevOps truly enables agile practices to flourish. Organizations typically start with implementing continuous integration, test-driven development, and test automation […]

Read more
DevSecOps: The Solution to the Equifax Problem
Credit Card

By now, most Americans have heard of the breach of over 143 million (and counting) U.S. consumer’s financial data to hackers earlier this month.  A well-published vulnerability in Apache Struts (CVE-2017-5638) was not patched for months in Equifax applications.  This vulnerability was readily available to hackers and exploited against critical systems holding data such as […]

Read more
DevSecOps Means More than Just Automation, It’s a Mindset
Security

When people think of DevSecOps the first thing that comes to mind is automation. A strong DevSecOps environment should employ tools that automate the following: Continuous Integration, Continuous Delivery, Continuous Testing, Continuous Deployment, and Continuous Monitoring. While automation is certainly important, it’s just as important (if not more important) to build the mindset that “everyone […]

Read more
Generate Parameter Values Dynamically in Jenkins
Single Sign On

I am currently working on implementing Single Sign-On (SSO) for the entire Coveros domain. This project required me to implement a process to add current Coveros employees into our FreeIPA server as well as account for any future employees that will be onboarded. In order to deal with this problem, a script was written which […]

Read more
Make Your Security Testing More Agile
Security

For decades, software security organizations and those that assure security have built processes and procedures around waterfall software development practices. This has often led to security testing being “bolted on” at the end of the process. In addition, many organizations have seen the rise of mindless information security assurance, whereby engineers avoid assessing, understanding, or […]

Read more
X