HackDig : Dig high-quality web security articles for hacker

"Continuous Opportunity - DevOps and Security"

Thank you to everyone at the Minnesota ISSA chapter for the opportunity to share some background on DevOps and some ideas about how security teams can benefit by adopting DevOps practices & tools. The presentation slides are available here: Continuous Opportunity- DevOps and Securi
Publish At:2019-10-18 04:00 | Read:112 | Comments:0 | Tags:DevOps

"Exploring the DevSecOps Toolchain"

The authors of the SANS Institute's DEV540 Secure DevOps & Cloud Application Security course created the Secure DevOps Toolchain poster to help security teams create a methodology for integrating security into the DevOps workflow. As you can see, the poster breaks DevOps down into
Publish At:2019-10-18 04:00 | Read:144 | Comments:0 | Tags:DevOps SecDevOps Secure SDLC

CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings

by Ashish Verma In September, security researchers from the QAX-A-Team discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service
Publish At:2019-10-10 10:00 | Read:353 | Comments:0 | Tags:Vulnerabilities DevOps Vulnerability exploit

Use Infrastructure as Code they said. Easier to audit they said… (part 1)

Whilst there are some great examples of how to assess infrastructure as code dynamically with things like the Center for Internet Security's Docker benchmark and CoreOS's Clair, these kinda run a little too late in the pipeline for my liking. If we want to treat infrastructure as code then surely we ought to be performing code reviews and if we
Publish At:2019-09-19 17:35 | Read:146 | Comments:0 | Tags:Blog auditing devops devsecops infradev orchestration seceng

Security Engineering – A manifesto for defensive security

Presentation on the need to re-examine how we engineer systems (taking service providers as an example) and the implications on how we quantify cyber risk if we want to take this message into the board room (as given at BT’s SnoopCon 2019 and Cisco’s June 2019 Knowledge Network webinar for service providers). Having delivered security consultancy
Publish At:2019-09-19 17:35 | Read:186 | Comments:0 | Tags:Presentations C-Suite conference CRQ cyber risk quantificati

The Myth of Mutual Exclusivity: Making the DevOps Process More Agile Without Compromising Security

The marketplace is demanding agility, but many enterprises perceive the need for agility as an ongoing security risk. If applications are constantly evolving, they assume, the process will constantly open up new avenues for attackers to exploit. This worry has given rise to a widespread misconception that security or agility is a binary choice. But a growing
Publish At:2017-09-21 19:15 | Read:4353 | Comments:0 | Tags:Application Security CISO Agile DevOps SecDevOps Security Pr

Best Practices for Developing and Securing a Microservices Architecture

Co-authored by Chris Craig. To match the ongoing shift to cloud as a means of increasing agility when delivering services, the architectures supporting these services are also evolving. The cloud IT space is full of terminology such as infrastructure-as-code, highly scalable architectures and microservices architecture — a methodology that is gathering sig
Publish At:2017-08-15 11:45 | Read:2976 | Comments:0 | Tags:Cloud Security Cloud Cloud Adoption Cloud Computing Cloud Se

Incorporate Application Security Checks and Balances Into Your Organization’s Citizen Developer Initiatives

The first time I heard the term “citizen developer,” I thought it might be the name of a new blockbuster summer movie. However, citizen development has morphed from a trendy IT catchphrase to a powerful force that’s transforming the way organizations develop software. But as your organization opens its doors to citizen developers, how do yo
Publish At:2017-05-22 11:55 | Read:2982 | Comments:0 | Tags:Application Security Application Development Application Sec

Taming the Open Source Beast With an Effective Application Security Testing Program

Cute Attacks With Acute Impact on Your Application Security Testing Effectiveness. Here we go again: Another attack with a cute name is about to make the news. More dangerous than a Ghost, a POODLE, a FREAK, a Heartbleed, a Shellshock or the other 6,000-plus attacks that show up each year, we know at least two things about it: It will probably attack
Publish At:2017-05-05 01:55 | Read:3415 | Comments:0 | Tags:Application Security Cloud Security DevOps Open Source Stati

Three Lessons From Test-Driven Development

“If it’s worth building, it’s worth testing. If it’s not worth testing, why are you wasting your time working on it?” — Scott Ambler, Enterprise Agile Coach In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years la
Publish At:2017-03-27 13:00 | Read:3886 | Comments:0 | Tags:Application Security Application Development Application Sec

Common Solutions for DevOps and Discrete Manufacturing

Near the bleeding edge of technology, there’s a lot of talk (and work) around DevOps and the use of containers for delivering services. This is a fast-paced environment where services are spun up and down to meet demand in an elastic cloud and code is shipped to production multiple times a day. It’s also an area where security is far from ‘figured out,’ but
Publish At:2017-03-08 04:11 | Read:3822 | Comments:0 | Tags:Featured Articles ICS Security DevOps Docker security

Application Security Testing: Resurgence of DAST for SDLC Integration and Scan Automation

Dynamic analysis security testing (DAST) works like a hacker-in-a-box, so to speak, by exploring and testing web applications and services via HTTP and HTTPS. DAST is one of the oldest automated application security testing (AST) techniques, tracing its roots to the mid-1990s. Since it interacts with live web applications and web services and automates hacke
Publish At:2017-01-20 19:45 | Read:4475 | Comments:0 | Tags:Application Security App Security Application Security Testi

SecOps Revisited: The Challenge of DevOps for Security

Since we covered SecDevOps in May 2015, SecOps, DevOps and software-as-a-service (SaaS) have become mainstream among developers and consumers. The rate of cyberattacks also rose sharply during that time, suggesting that fraudsters are as determined as ever to breach cloud defenses. Planning and SecOps Certification IT managers should conduct threat modeling
Publish At:2017-01-05 22:25 | Read:3804 | Comments:0 | Tags:Cloud Security DevOps Endpoint Protection Machine Learning S

Mirror, Mirror: Using Self-Protection to Boost App Security

Last week while reading to my toddler, I came across the story of “Snow White,” in which the evil queen consults a magic mirror to find her greatest threat, the fairest person in the land. While my kid fell asleep — probably due to my effective storytelling technique — I kept thinking about why the queen would want to identify that threat. The an
Publish At:2017-01-03 15:10 | Read:4419 | Comments:0 | Tags:Application Security Security Intelligence & Analytics App S

Automate, integrate, collaborate: Devops lessons for security

Enterprise security pros are often seen as heavy-handed gatekeepers obsessed with reducing risk. They'd rather be viewed as enablers who help the organization complete tasks and gain access to needed data. To make that transformation, security teams must become faster, more efficient, and more adaptable to change. That sounds a lot like devops.
Publish At:2016-08-22 09:30 | Read:2907 | Comments:0 | Tags:Security Devops Network Management
