Application Security

3/23/2017
11:00 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

7 Steps to Transforming Yourself into a DevSecOps Rockstar

Security practitioners at one education software firm offer lessons learned from merging DevOps with security.
Previous
1 of 8
Next

Image Source: Adobe Stock

Image Source: Adobe Stock

The union between DevOps and information security stands to help organizations not only deliver software more quickly, but also finally achieve something that application security professionals have been chasing for years now: securing code much earlier in the software development lifecycle. According to recent numbers, high-performing IT teams that engage in DevSecOps work patterns need to spend 50% less time remediating security issues because they're fixing problems throughout the entire lifecycle.

But achieving those kinds of gains requires that security professionals make big changes in attitudes, work habits, and communication methods, say two professionals from higher ed software developer Ellucian, who have helped the firm transform its development practices. Dark Reading recently caught up with Michele Chubirka, security architect, and Troy Marshall, DevSecOps and cloud reliability leader, to discuss what it takes to get into the DevSecOps groove.

[Learn more about DevSecOps during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To check out the other Interop security sessions, or to register, click on the live links.]

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
sestes
50%
50%
sestes,
User Rank: Apprentice
7/25/2017 | 8:10:02 AM
Fabulous article
This should be required reading for every aspiring DevOps student. The last slide sums it up: use common sense.
Nathan Cane
50%
50%
Nathan Cane,
User Rank: Apprentice
4/3/2017 | 4:51:22 AM
Re: madden mobile hack tool
Very interesting, I want to try that !!!
Nathan Cane
50%
50%
Nathan Cane,
User Rank: Apprentice
4/3/2017 | 4:50:13 AM
Re: madden mobile hack tool
Very intersting !!!
mikemike01
100%
0%
mikemike01,
User Rank: Apprentice
3/30/2017 | 2:44:18 AM
madden mobile hack tool
Thanks for this its getting me on my way to being a star pen tester!!!
mikemike01
100%
0%
mikemike01,
User Rank: Apprentice
3/30/2017 | 2:42:54 AM
madden mobile hack tool
Thanks this is getting me on my way to being a star pen tester!
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7682
PUBLISHED: 2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-12689
PUBLISHED: 2018-06-22
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVE-2018-12538
PUBLISHED: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage...
CVE-2018-12684
PUBLISHED: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVE-2018-12687
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.