DevSecOps in an Agile Environment

At first glance, DevSecOps and Agile can seem like different things. In reality, the methodologies often complement each other. Let’s see how. Agile is a methodology that aims to give teams flexibility during software development. DevSecOps is about adding automated security to an existing automated software development process. Both are methodologies that require high levels of communication between different stakeholders and continuous improvement as part of the process.

DevSecOps tool examples that will alleviate your workload

Nowhere is this more apparent than in DevSecOps, where developers and releases outnumber security experts by thousands to one. It’s simply not feasible for security teams to manually tackle every flagged issue with any kind of accuracy and still have time left in the day to, you know, eat and sleep!

Application Security in 2022 Misses the Big Picture

I recently ran an unofficial poll on LinkedIn asking how people found every instance of Log4J in their application portfolio. The options I gave were CMDB (Configuration Management Database), SBOM (Software Bill of Materials), SCA (Software Composition Analysis), and internal detective work. The overwhelming majority, 54% to be exact, said internal detective work. These results got me thinking as organizations spend millions of dollars a year on CMDB, SBOM, and SCA technologies.

What is CI/CD? A Complete Guide to CI/CD

Software development cycles have changed immensely in the last ten years. New practices and design philosophies are being tried every day. One of these practices is the CI/CD pipeline, which combines aspects of agile software development with automation and robust testing. In this post, we’ll cover all aspects of CI/CD, as well as some popular CI/CD tools your organization can use to implement a CI/CD pipeline.

How to use DevSecOps to reduce and focus issues raised?

One of the biggest challenges when rolling out a DevSecOps process is the volume of issues it can bring to light. From a development point of view, we don’t want the implementation of security in DevOps to give the dev team massive lists of vulnerabilities to check over on every build or release. We want to avoid anything that might cause unforeseen delays to keep everything on track - but we also want the application to be secure.

How to measure security metrics & continuous improvement in DevSecOps?

Many security departments and management teams want to improve their processes. DevSecOps introduces the ability to take much more granular measurements than traditional manual security testing allows. Even simple measures can highlight gaps and areas for improvement where budget can be spent. In this video, Founder and CSO Gary Robinson takes a closer look at the challenges of KPI metrics for software security testing.

How to source the right tools to scale an AppSec programme

Everyone’s development process is different, so it stands to reason that everyone’s perfect security toolkit will also be different. But finding the right tools to suit your project, and making the most of those tools, shouldn’t have to be a headache. In the field of application security there are literally thousands of security tools to choose from, each of which may help the development, security and longevity of your projects.