Agile and DevOps Bring the Focus Back on Quality
Continuous Security in Agile Development
I’ve had the privilege (and the many challenges) of working in IT for more than three decades. Early in my career I tended to accept things as they were presented, following the techniques, processes, guidelines, and approaches I was taught by my peers and managers. As I gained experience and wisdom, I became a better independent thinker and started to connect the dots and ask questions.
The Value of Security Testing in QA
The word continuous gets thrown around a lot when talking about agile and DevOps. One area that often doesn’t get enough attention is how to continuously build, test, and deliver secure applications. Just like for quality, you can’t test security in, so you need to have a plan for how to build it in from the ground up. Here are some tips on how to do that.
Integrating Threat Modeling into Agile Development
For many organizations, traditional testing groups are separated from the IT security group. But having traditional testers perform some security testing efforts is a great way of achieving a balanced approach to shifting left while being mindful of staffing and budgetary challenges. It also has some great advantages.
Making Security a First Class Citizen in DevOps
Adopting agile in your program comes with inherent benefits around transparency and delivery, but it also often requires changes to other business practices to align with a more iterative way of developing software. Threat modeling helps you determine where to focus your security testing efforts when building your app, so it’s a useful practice. But one […]
Why I Took the Time to Turn On Two-Factor Authentication
I recently had the opportunity to do a web seminar with Jeff Payne about using open source tools for DevSecOps. In our discussion, I made the point that the goal of DevSecOps is to make application security a first-class citizen in the DevOps process. Making application security a first-class citizen improves the quality of your […]
Why Software Testing is Key to DevOps
For the past few years, my dad has been encouraging me to turn on two-factor authentication (2FA) on any service that offers it. Having grown up in the social media age, I felt his requests were unwarranted. I know social media inside and out (and I have a master’s degree to prove it). I have […]
DevSecOps: Incorporate Security into DevOps to Reduce Software Risk
One of the major reasons organizations adopt DevOps practices is to accelerate delivery of software to production. This includes deploying more frequently and reducing lead time. However, many organizations fail to include quality components in their practices. This leads to organizations delivering code faster, but unfortunately, that code is just poor. Continuous deployment without quality […]
DevSecOps: The Solution to the Equifax Problem
By now, most organizations have heard of DevOps, and many have begun to adopt DevOps practices as a key enabler of software delivery. Organizations that employ an agile approach find DevOps practices a natural extension, and DevOps truly enables agile practices to flourish. Organizations typically start with implementing continuous integration, test-driven development, and test automation […]
DevSecOps Means More than Just Automation, It’s a Mindset
By now, most Americans have heard of the breach of over 143 million (and counting) U.S. consumers’ financial data to hackers earlier this month. A well-published vulnerability in Apache Struts (CVE-2017-5638) was not patched for months in Equifax applications. This vulnerability was readily available to hackers and exploited against critical systems holding data such as […]
When people think of DevSecOps, the first thing that comes to mind is automation. A strong DevSecOps environment should employ tools that automate the following: Continuous Integration, Continuous Delivery, Continuous Testing, Continuous Deployment, and Continuous Monitoring. While automation is certainly important, it’s just as important (if not more important) to build the mindset that “everyone […]