Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

3 Ways to Get Your Development Team on Board with Application Security

working-with-development-team.png Protecting enterprise data and assets is a daunting task. According to IT industry organization ISACA, 82 percent of respondents to an April 2015 survey indicated that their enterprise is now "likely" or "very likely" to be attacked — only 1 percent said it's "not at all likely." Meanwhile, the average annual... READ MORE

Mother May I – a Story of Application Privilege Security

bmonroe's picture
By Bob Monroe December 15, 2015  | Secure Development

Our mothers all want the best for us. They raised us to ensure we didn’t do anything crazy like run out in front of traffic or play with broken glass. 41066821_m.jpg More often than not, we had to ask for permission to do things like swim at our friend’s house or eat all of our Halloween candy in one sitting. Our moms then did their motherly duties of checking in with... READ MORE

It's True: DevOps and Security Can Play Nice

ewade's picture
By Evan Wade September 25, 2015  | Secure Development

It's no secret that DevOps was designed to address the drawbacks of traditional "waterfall" and "scrum-but" development practices over the years. And while new ways to build software are about as common as unique startup business models these days, it's clear the methodology is at least successful at addressing some long-standing issues. If your goal is to improve... READ MORE

DevOps and Automation: A Recipe for Stronger, More Secure Software

ewade's picture
By Evan Wade September 22, 2015  | Secure Development

If you made a list of the technological tools used by multiple software development methodologies, automation would have to be somewhere near the top. Anything that reduces the rote, repetitive work developers, security personnel and others have to handle in the process of app creation is a good thing; combine that with the reduced costs and lower risk that automation usually introduces into a... READ MORE

Security and Development: 90 Degrees Distant?

dbonderud's picture
By Doug Bonderud September 21, 2015  | Secure Development

In many organizations, IT security and development teams have very different mandates. For example, according to the SANS Institute's 2015 State of Application Security: Closing the Gap, while software builders focus on lowering their time to market and feature lists, application defenders worry about fully identifying all apps in their corporate portfolios to effectively address security... READ MORE

How DevOps and an Agile Methodology Can Alter Security Integration

sdrew's picture
By Shawn Drew August 9, 2015  | Secure Development

Security controls and tests have never been the easiest things to incorporate in the software development lifecycle (SDLC) — but as application security grows in importance, some changes in the way software gets made are making security integration more difficult than ever. The Agile methodology, especially when combined with a DevOps paradigm, embraces speed, making it much harder to get... READ MORE

Play in the sandbox

pchestna's picture
By Pete Chestna July 29, 2015  | Secure Development

This next post picks up where we left off in our previous discussion around automation within developers’ toolchains. Once developers have a methodology to perform security assessments and fix identified vulnerabilities within an integrated environment, the next question is how to assess new code against specific security and compliance policies. The sandbox is the way for individual... READ MORE

How a DevOps Team Can Transform Your Company

ewade's picture
By Evan Wade July 28, 2015  | Secure Development

At a conceptual level, you can compare most moderately complex businesses to the inner workings of a mechanical clock. They both require several parts moving in sync to function (think accountants, sales reps and marketing). Apply that analogy to the software development industry, and you have something resembling a cuckoo clock. Forgetting the countless integral external roles, core... READ MORE

In Software Development, Speed and Security Don't Have to Be Mutually Exclusive

jmontesi's picture
By John Montesi July 23, 2015  | Secure Development

Mention security and testing to a group of young developers, and you'll likely hear a lot of groans. It's not that the current generation of Agile-minded code hotshots is careless; rather, it's that the culture at most companies is one of speed and achievement. It's easier to celebrate milestones than it is to celebrate a lack of something, even if that something is a lack of... READ MORE

A Broad Look at DevOps: Why It Came to Be and How It's Changing the Development World

ewade's picture
By Evan Wade July 22, 2015  | Secure Development

If you've been working in development long at all, you've probably heard the term "DevOps" kicked around quite a bit — and if you work in a non-technical capacity, you probably ask yourself what the heck it is every time you see the word. The problem with answering this question is the term means different things depending on who you ask. Like most industry buzzwords, the... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu