Getting Started With CI/CD Pipeline Security

The increasingly distributed nature of CI/CD frameworks has made organizations more vulnerable to attacks, which can range from threats to supply chains and servers to exploitations of the application code itself. In this Refcard, you'll learn about the primary focus areas of CI/CD pipeline security, review common pipeline threats and security challenges, as well as walk through seven steps to get started with securing your pipelines.

Continuous Delivery Pipeline Security Essentials

As the threat landscape continuously evolves, it is crucial for organizations to adopt a shift-left security mindset: security is prioritized from the earliest stages of the delivery pipeline and treated as being as important as automation and collaboration among distributed teams.

In this Refcard, you’ll review the challenges associated with integrating security practices into a continuous delivery pipeline, including the blockers development teams in particular often face. Also covered are the key areas to consider when administering and maintaining security of CD pipelines.

Security Automation’s Next (and Best) Evolution Is No-Code and Here’s Why

The biggest challenge I saw in my 15 years as a security practitioner and overseeing security teams was analysts' time consumed by mundane, repetitive tasks that were taking them away from doing the work their skills suited them for, leading to burnout and human error. That's why automation has the potential to help reduce the load of overworked teams by automating low-value tasks and freeing up those analysts for more high-impact work, like improving an organization's security posture.

However, that potential hasn’t been realized with traditional approaches to automation — but it is with no-code automation, which brings the increased value, productivity, and efficiency that security managers and teams are looking for.

Types of Tools To Use for Application Security


Testing applications is necessary, as bugs and other security vulnerabilities are always found in applications. Many developers work under tight schedules and therefore don’t always have enough time to test their applications, and untested code shipped to production is often where security incidents begin.

How to Automate Container Security by Using CRDs to Get Security Policy as Code

Security has long been a sticking point for many DevOps teams (including my own, at a Canadian insurance and financial services co-operative). While available tools have enabled automation across plenty of other parts of our CI/CD pipeline — and made automated deployment of our container-based applications the norm — security automation has largely lagged behind.

Like most DevOps teams, we put automated vulnerability scanning into place, but the manual effort of building security policies to safeguard production application workloads remained a pain point.

Cybersecurity’s Emerging DevOps Challenge in 2020

Without properly shifting left, security will be left in the lurch.

As cloud technologies evolve and businesses jostle to become Agile, it’s time for cybersecurity to join the evolutionary race. Virtualization enabled physical data centers to transform, and cloud-based operating systems and application infrastructures served as the foundation for developers to access software resources without the headache of managing infrastructure.

However, cybersecurity has yet to take the bold step forward in line with the rest of the IT world. Security teams are expected to fight barehanded against hackers and malicious actors. Their traditional weapons, such as perimeter firewalls, IPS, and host-based security tools, were built for static data centers and do not map onto ephemeral cloud workloads, and the cloud security tools meant to replace them have so far been largely ineffectual.