HackDig : Dig high-quality web security articles for hacker

Use Infrastructure as Code they said. Easier to audit they said… (part 1)

Whilst there are some great examples of how to assess infrastructure as code dynamically with things like the Center for Internet Security’s Docker benchmark and CoreOS’s Clair, these kinda run a little too late in the pipeline for my liking. If we want to treat infrastructure as code then surely we ought to be performing code reviews and if we
Publish At:2019-09-19 17:35 | Read:1 | Comments:0 | Tags:Blog auditing devops devsecops infradev orchestration seceng

Security Engineering – A manifesto for defensive security

Presentation on the need to re-examine how we engineer systems (taking service providers as an example) and the implications on how we quantify cyber risk if we want to take this message into the board room (as given at BT’s SnoopCon 2019 and Cisco’s June 2019 Knowledge Network webinar for service providers). Having delivered security consultancy
Publish At:2019-09-19 17:35 | Read:66 | Comments:0 | Tags:Presentations C-Suite conference CRQ cyber risk quantificati

The Myth of Mutual Exclusivity: Making the DevOps Process More Agile Without Compromising Security

The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing
Publish At:2017-09-21 19:15 | Read:4212 | Comments:0 | Tags:Application Security CISO Agile DevOps SecDevOps Security Pr

Best Practices for Developing and Securing a Microservices Architecture

Co-authored by Chris Craig. To match the ongoing shift to cloud as a means of increasing agility when delivering services, the architectures supporting these services are also evolving. The cloud IT space is full of terminology such as infrastructure-as-code, highly scalable architectures and microservices architecture — a methodology that is gathering sig
Publish At:2017-08-15 11:45 | Read:2870 | Comments:0 | Tags:Cloud Security Cloud Cloud Adoption Cloud Computing Cloud Se

Incorporate Application Security Checks and Balances Into Your Organization’s Citizen Developer Initiatives

The first time I heard the term “citizen developer,” I thought it might be the name of a new blockbuster summer movie. However, citizen development has morphed from a trendy IT catchphrase to a powerful force that’s transforming the way organizations develop software. But as your organization opens its doors to citizen developers, how do yo
Publish At:2017-05-22 11:55 | Read:2847 | Comments:0 | Tags:Application Security Application Development Application Sec

Taming the Open Source Beast With an Effective Application Security Testing Program

Cute Attacks With Acute Impact on Your Application Security Testing Effectiveness. Here we go again: Another attack with a cute name is about to make the news. More dangerous than a Ghost, a POODLE, a FREAK, a Heartbleed, a Shellshock or the other 6,000-plus attacks that show up each year, we know at least two things about it: It will probably attack
Publish At:2017-05-05 01:55 | Read:3237 | Comments:0 | Tags:Application Security Cloud Security DevOps Open Source Stati

Three Lessons From Test-Driven Development

“If it’s worth building, it’s worth testing. If it’s not worth testing, why are you wasting your time working on it?” — Scott Ambler, Enterprise Agile Coach. In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years la
Publish At:2017-03-27 13:00 | Read:3704 | Comments:0 | Tags:Application Security Application Development Application Sec

Common Solutions for DevOps and Discrete Manufacturing

Near the bleeding edge of technology, there’s a lot of talk (and work) around DevOps and the use of containers for delivering services. This is a fast-paced environment where services are spun up and down to meet demand in an elastic cloud and code is shipped to production multiple times a day. It’s also an area where security is far from ‘figured out,’ but
Publish At:2017-03-08 04:11 | Read:3555 | Comments:0 | Tags:Featured Articles ICS Security DevOps Docker security

Application Security Testing: Resurgence of DAST for SDLC Integration and Scan Automation

Dynamic analysis security testing (DAST) works like a hacker-in-a-box, so to speak, by exploring and testing web applications and services via HTTP and HTTPS. DAST is one of the oldest automated application security testing (AST) techniques, tracing its roots to the mid-1990s. Since it interacts with live web applications and web services and automates hacke
Publish At:2017-01-20 19:45 | Read:4198 | Comments:0 | Tags:Application Security App Security Application Security Testi

SecOps Revisited: The Challenge of DevOps for Security

Since we covered SecDevOps in May 2015, SecOps, DevOps and software-as-a-service (SaaS) have become mainstream among developers and consumers. The rate of cyberattacks also rose sharply during that time, suggesting that fraudsters are as determined as ever to breach cloud defenses. Planning and SecOps Certification: IT managers should conduct threat modeling
Publish At:2017-01-05 22:25 | Read:3667 | Comments:0 | Tags:Cloud Security DevOps Endpoint Protection Machine Learning S

Mirror, Mirror: Using Self-Protection to Boost App Security

Last week while reading to my toddler, I came across the story of “Snow White,” in which the evil queen consults a magic mirror to find her greatest threat, the fairest person in the land. While my kid fell asleep — probably due to my effective storytelling technique — I kept thinking about why the queen would want to identify that threat. The an
Publish At:2017-01-03 15:10 | Read:4242 | Comments:0 | Tags:Application Security Security Intelligence & Analytics App S

Automate, integrate, collaborate: Devops lessons for security

Enterprise security pros are often seen as heavy-handed gatekeepers obsessed with reducing risk. They'd rather be viewed as enablers who help the organization complete tasks and gain access to needed data. To make that transformation, security teams must become faster, more efficient, and more adaptable to change. That sounds a lot like devops. [ A
Publish At:2016-08-22 09:30 | Read:2704 | Comments:0 | Tags:Security Devops Network Management

Tech jobs report: Security, devops, and big data stay hot

If you're wondering what IT skill sets to acquire, security and devops are doing well in the job market. Pay for cloud skills, however, is eroding. Research firm Foote Partners' latest quarterly IT Skills and Certifications Pay Index determined that the market value for 404 of the 450 IT certifications it tracks had increased for 12 consecutive quarters.
Publish At:2016-06-22 10:30 | Read:2942 | Comments:0 | Tags:Hiring Security Devops Big Data Cloud Computing Leadership a

Microservices Are Powerful, but Pose New Security Challenges

Microservices are small, containerized application services that perform a single task or a small group of related tasks — unlike traditional, monolithic applications that handle a broad range of tasks. And they are transforming the business application world in ways that are almost entirely positive. For developers, these tools speed up development and depl
Publish At:2015-10-07 14:05 | Read:2366 | Comments:0 | Tags:Application Security Application Development Application Pro

It’s Time for Security to Embrace DevOps and SDN

According to a test I just took, I type at a speed of 94 words per minute. While typing the 92 words required for that test, I made 3 different mistakes. That’s a 3% error rate. Apparently the average error rate is about 8%. As noted in 2007 by this fascinating (well, it was fascinating to me at the time) blog on average typing speed and rates: “The impl
Publish At:2015-09-03 15:25 | Read:8922 | Comments:0 | Tags:Featured Articles Security Configuration Management breach D

