Open in app

Sign in

Write

Sign in

DevSecOps processes

Maciej
2 min readOct 3, 2019

--

Make security part of the entire development process

Integrate security early in the development and throughout the whole life cycle. Requirements should the same weight as the functional requirements. This involves also security controls, processes, as well as automating the core security tasks in the workflow.

More info:

DevSecOps: Incorporate Security into DevOps to Reduce Software Risk

DevSecOps is a growing movement to incorporate security into DevOps practices in order to ensure flaws and weaknesses…

www.agileconnection.com

Integrating Security into the CI/CD Pipeline: Step-by-Step Recommendations

This is post 2 of 2 on the subject of security in a DevOps environment. For an introduction to the concept, see my…

mattboegner.com

Test security throughout the all development cycle

Security testing should be integral part and a CI/CD process of the entire app and development cycle. Make perform tests on applications, APIs, containers, data, processes, and micro services. Take care of all flaws during development process since it is easier and less cost.

More info:

Three Effective Ways to Make Application Security Testing a Successful Part of a DevOps Program

From the latest agile development tools to innovative delivery platforms such as containers, DevOps is changing how…

securityintelligence.com

SANS Institute: Reading Room - Analyst Papers

Computer security training, certification and free resources. We specialize in computer/network security, digital…

www.sans.org

Secure SDLC: Integrating security into your software development life cycle

Increasingly you hear about the need to integrate security into the software development life cycle (SDLC). A few…

searchsoftwarequality.techtarget.com

Automate processes

Automate security and config management, testing and other tasks. This reduces workload for the teams and provide faster way of doing things.

  • Automate functionality security tests
  • Automate non-functional security tests
  • Automate application security tests
  • Automate infrastructure security tests
  • Automate configuration security tests
  • Automate application logic security tests

More info:

Automated Security Testing in a Continuous Delivery Pipeline

By Stephen de Vries on Automated unit, integration and acceptance tests are essential quality controls in running a…

devops.com

Monitoring processes, apps, infrastructure etc.

Collect and analyze:

  • relevant metrics,
  • events logs,
  • machine data,

It will allow to gain real-time insights across the application lifecycle and hence the opportunity to quick fix issues, earlier, faster and at little cost.

More info:

Web Application and User protection | Sqreen

Sqreen is a web application security monitoring and protection solution helping companies protect their apps and users…

www.sqreen.com

Log Management & Security Analytics, Continuous Intelligence: Sumo Logic

Sumo Logic is industry's leading, secure, cloud-based service for logs & metrics management for modern apps, providing…

www.sumologic.com

Software intelligence for the enterprise cloud | Dynatrace

Deliver perfect software experiences with real-time intelligence into customer satisfaction and behavior, your…

www.dynatrace.com

Modern monitoring & analytics | Datadog

See metrics from all of your apps, tools & services in one place with Datadog's cloud monitoring as a service solution…

www.datadoghq.com

SIEM, AIOps, Application Management, Log Management, Machine Learning, and Compliance | Splunk

Splunk Inc. turns machine data into answers with the leading platform to tackle the toughest IT, IoT and security…

www.splunk.com

DevOps
Security
Process
Development
Automation

 by the author.

--

--

Maciej
Maciej

Written by Maciej

796 Followers
50 Following

DevOps Consultant. I’m strongly focused on automation, security, and reliability.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams