What is DAST?
DAST

DAST stands for Dynamic Application Security Testing, and it’s a blackbox suite of tools that really look at web applications on the front end. DAST looks at a running application looking for potential security vulnerabilities, architectural weaknesses, SQL injection, and cross-site scripting, among other security risks in the OWASP Top Ten. How is SAST different […]

Read more
What is SAST?
SAST

SAST stands for Static Application Security Testing. SAST look through application source code for security defects, different issues written into the source code, and how the application is actually programmed to identify vulnerabilities that then have the potential being exploited. How is SAST different from DAST? SAST typically takes less time than running DAST, and […]

Read more
Shifting Security Left: The Innovation of DevSecOps

Application security, or AppSec, is hard. For development teams, it often comes into development late in a release cycle and demands changes to the software that seem unreasonable. For the AppSec team, being introduced to a project after the application has been designed and much of the code has been written means there will be […]

Read more
Red Tape and Federated Users

Background A client recently wanted to move several DevOps and scanning tools into the cloud, to which they were in the process of proving out and transitioning. We had a number of security scanning and static analysis tools, along with corresponding dashboards and a continuous integration server to orchestrate them. All of these tools were […]

Read more
Debunking 4 Myths of DevSecOps Adoption

Every day organizations incorporate DevSecOps into their software development, security, and operations practices to ensure they can build critical security controls into their agile software delivery. According to one survey, 84 percent of respondents said it’s difficult to reduce risk to their applications because they’re not able to monitor, detect, and prevent attacks at the application level. […]

Read more
DevOps and Security: 5 Principles for DevSecOps

With the trend toward a more continuous delivery and deployment process, late-lifecycle activities like security assurance present a significant hurdle to continuously delivering value to customers. DevSecOps addresses this by shifting security assurance activities, personnel, and automation closer to development.

Read more
Agile and DevOps Bring the Focus Back on Quality
Magnifying glass on colored paper

I’ve had the privilege (and the many challenges) of working in IT for more than three decades. Early in my career I tended to accept things as they were presented, following the techniques, processes, guidelines, and approaches I was taught by my peers and managers. As I gained experience and wisdom, I became a better independent thinker and started to connect the dots and ask questions.

Read more
Continuous Security in Agile Development
Padlock on a green door

The word continuous gets thrown around a lot when talking about agile and DevOps. One area that often doesn’t get enough attention is how to continuously build, test, and deliver secure applications.Just like for quality, you can’t test security in, so you need to have a plan for how to build it in from the ground up. Here are some tips on how to do that.

Read more
X