Zero trust policies for software releases could be key
Thursday, December 8, 2022 by Gopinath Rebala
Today’s integrated DevOps methodology offers businesses the promise of accelerating innovation by providing customers and employees with new application capabilities faster. However, this approach can also increase risks associated with cybercrime and the failure to comply with rapidly evolving privacy regulations. As a result, minimizing security risk during the ...
The value of BizDevSecOps for developers
Friday, August 26, 2022 by Richard Harris
Gregg Ostrowski serves as the Executive CTO at AppDynamics, part of Cisco. In this Q&A, he goes in-depth on the value of BizDevSecOps for developers, including how it helps break down silos and build bridges among business, security, developer, and operations teams. Gregg highlights how the framework evolved from DevOps and DevSecOps, as well as why it is ...
Traceable AI and ArmorCode integration
Wednesday, August 24, 2022 by Brittany Hainzinger
ArmorCode has announced an integration with Traceable AI which will bring its data into the ArmorCode platform and improve Application Security Posture from code to cloud.
To move at the speed of business, modern applications are increasingly powered by APIs to deliver functionality. The challenge is that each new API must be secured and as the number of APIs in...
AppSecCon 2022 dates
Monday, May 9, 2022 by Freeman Lightner
The Purple Book Community, a community of top security leaders, announced that AppSecCon 2022 will take place May 18-19, 2022. The virtual event is expected to host thousands of leading security professionals from around the world.
AppSecCon 2022 dates
When: May 18-19, 2022 from 9 a.m. to 2 p.m. (PT) each day
Where: Virtual Conference, Register Today! Presenta...
DevOps predictions for 2022
Wednesday, January 19, 2022 by Richard Harris
Yoav Landman, Co-Founder and CTO of JFrog, created Artifactory after 7 years as a senior consultant with AlphaCSP. He has held several senior technical roles with Attunity, Verve, and Sausage. Yoav holds a Master of Computing degree from RMIT University and a BA in Law (LLB) from Haifa University.
Low-Code/No-Code, Metaverse, and DevOps predictions for 2022
Landma...
Cloud and Edge computing 2022 predictions
Monday, January 17, 2022 by Brittany Hainzinger
Tobi Knaup is the CEO & Co-Founder at D2iQ, an independent Kubernetes company that 30% of the Fortune 50 companies and the U.S. Department of Defense rely on for their most mission-critical apps. Knaup shares his 2022 predictions about the shifting cloud landscape.
The marriage of Cloud and Edge:
While both edge and cloud computing have been the subj...
Compliance as code adoption in 2022
Monday, January 10, 2022 by Freeman Lightner
Prashanth Nanjundappa is VP of Product Management at Progress. He has spent his entire career of over 20 years in the tech world, managing cross-functional high-performance teams, focused on building and launching enterprise and consumer products globally.
In the first 12 years of his career, Prashanth worked as a developer, technical lead, and architect for mobile, ...
App security testing platform lands from Oxeye
Monday, January 3, 2022 by Freeman Lightner
Oxeye announced the company’s Cloud-Native Application Security Testing Platform (CNAST). The new platform identifies code vulnerabilities, open-source vulnerabilities, and secrets to highlight the most critical issues in the software development lifecycle, delivering clear guidance for fast and accurate remediation.
App security testing platform CNAST
Accor...
Oxeye closes a $5.3 Million seed financing round
Thursday, November 4, 2021 by Brittany Hainzinger
Oxeye announced the closing of a $5.3 Million seed financing round led by MoreVC, a seed-stage venture capital fund in Israel. The latest round includes support from i3 Equity Partners, and other cybersecurity focused investors as the company prepares to protect the world’s most popular Web applications with next-generation cloud-native Application Security Testin...
Software testing with Visual AI
Thursday, September 30, 2021 by Brittany Hainzinger
Applitools announced its inclusion in new research published by Enterprise Management Associates (EMA) entitled, "Disrupting the Economics of Software Testing Through AI." According to the report, Visual AI has the highest impact on software testing as compared to other available applications of AI technology in the market today.
Software testing with ...
Increase developer productivity with webhooks from CircleCI
Thursday, September 2, 2021 by Freeman Lightner
CircleCI, the continuous integration and continuous delivery (CI/CD) platform, has announced CircleCI webhooks, a feature that provides software engineering teams the ability to build integrations that react to CircleCI job and workflow status notifications.
How to increase developer productivity with webhooks from CircleCI
Research shows that the performance lev...
SRE practitioner certification announced by DevOps Institute
Monday, July 26, 2021 by Brittany Hainzinger
DevOps Institute announced its Site Reliability Engineer (SRE) Practitioner certification. This advanced certification helps candidates validate their deeper application of practices, methods, and tools for advancing site reliability engineering practices at their organizations. The SRE Practitioner certification is tailored for anyone focused on large-scale servic...
Compliance automation will take center stage this year
Wednesday, May 26, 2021 by Richard Harris
According to most sources on the web, compliance automation uses artificial intelligence features and technology to make compliance procedures easier.
Progress Software CEO Yogesh Gupta says with smart companies turning to a compliance-as-code approach to keep infrastructure, apps, and end-user devices secure and com...
DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
How DevOps will change in 2021
Saturday, January 9, 2021 by Freeman Lightner
DevOps will become much more security-aware. We’ll see greater attention paid to the newly expanded surface area created in the practice of DevOps and how to proactively protect against vulnerabilities in DevOps.
How DevOps will change in 2021 and the Impact from it
First, IT Ops and DevOps teams will need to reorient their processes to one that unifies...
Low code innovation predictions for 2021 from Gigaom
Tuesday, January 5, 2021 by Richard Harris
Distributed architectures drive development. We’re seeing a great deal of interest in microservices, containers, serverless, not just for new-build but also as a way to reface older applications and data. These architectures, which will also be hugely important for Edge and IoT, have an impact on how applications are built, as each distributed service needs to be ...
Political app vulnerabilities raise concern
Thursday, October 22, 2020 by Doug Dooley
With election season upon us, the US population is being inundated by candidate and proposition propaganda from a variety of sources – including television, the US mail, and mobile device apps. As annoying as this flood of information is at times, it’s important to understand that when it comes to these popular apps, and in fact all apps, if certain security...
GitLab acquires Peach Tech and Fuzzit
Friday, June 12, 2020 by Brittany Hainzinger
GitLab announced it has acquired Peach Tech and Fuzzit. These acquisitions will add fully-mature testing solutions including protocol fuzzing, API fuzzing, DAST API testing, and coverage-guided fuzz testing. This makes GitLab’s DevSecOps offering the first security solution to offer both coverage-guided and behavioral fuzz testing techniques as well as the fi...
Results from 2020 Quarterly Mobile Index report
Tuesday, May 19, 2020 by Brittany Hainzinger
PubMatic announced findings from their Q1 2020 Quarterly Mobile Index report, which shows that mobile advertising was much less affected by the coronavirus pandemic when compared to desktop advertising during the first three months of the year. With an accelerated shift to mobile, PubMatic advises publishers to take the current environment as an opportunity to review th...
Fourth annual DevSecOps survey from Gitlab
Monday, May 18, 2020 by Brittany Hainzinger
GitLab released the results of its fourth annual DevSecOps survey uncovering how roles across software development teams have changed as more teams adopt DevOps. The survey of over 3,650 respondents from 21 countries worldwide found that rising rates of DevOps adoption and implementation of new tools have led to sweeping changes in job functions, tool choices and or...
DevSecOps 7th annual Community Survey results
Wednesday, April 15, 2020 by Brittany Hainzinger
Sonatype published findings from its seventh annual DevSecOps Community Survey, based on responses from 5,045 software engineering professionals. The survey, developed and conducted in partnership with Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps...
Improve DevOps processes with API catalog
Thursday, March 26, 2020 by Richard Harris
One of the biggest trends in DevOps is the “shift left” approach when it comes to security, so much so that security conferences now host developer days, developer conferences host security days, and the two have melded into DevSecOps. But pragmatically, how do you implement security earlier into your development cycles? According to CloudVector VP of Engine...
Container runtime scanning open source software launched by Portshift
Thursday, March 26, 2020 by Brittany Hainzinger
Portshift introduced Kubei Open Source container scanning software. Kubei is a unique open source Kubernetes runtime images scanning solution, presented to invite developer collaboration for the hardening of runtime environments. Kubei identifies which pods were built from vulnerable images or contain newly discovered vulnerabilities, then it couples the Kubernetes info...
Best Practices for Kubernetes deployments from Portshift
Monday, January 27, 2020 by Richard Harris
Portshift presents five security best practices for DevOps and development professionals managing Kubernetes deployments. Integrating these security measures into the CI/CD pipeline will assist organizations in the detection and remediation of security issues earlier in the development process, allowing faster and shorter cycles while assuring safe and secure deployment...
New DevOps Institute program
Tuesday, August 13, 2019 by Richard Harris
DevOps Institute, a global member-based association for advancing the human elements of DevOps, revealed the introduction of its DevOps Institute Ambassador program. The program invites and acknowledges accomplished volunteers from across the globe who are committed to leading and empowering the DevOps Institute member community with the SKIL Framework to advan...
API contracts at the heart of security in 42Crunch release
Thursday, August 8, 2019 by Christian Hargrave
42Crunch, the creator of the industry's first API Firewall, has released the API security platform with enhanced tools for developers to easily define security in OpenAPI contracts, enabling an agile DevSecOps experience, and providing full visibility into each individual API's security landscape. API security is complex and becomes a bottleneck wh...
Gitlab 12.0 released
Friday, June 28, 2019 by Christian Hargrave
GitLab is releasing 12.0 to help enterprises transform and accelerate DevOps adoption by bringing developers, operations professionals, and the security team together in the first single application for the entire DevSecOps lifecycle. With the 12.0 release, GitLab is building upon security features recently released - such as security dashboards, auto remediation and se...
Crowdsourced security and bug bounty adoption is spreading
Monday, May 20, 2019 by Richard Harris
There continues to be a fundamental imbalance in cybersecurity. Attackers are finding new ways to penetrate cyber defenses as targets proliferate to the cloud, mobile, and connected devices. Defenders need to take a proactive security approach.
The evolving threat landscape and the ever-widening security skills gap are giving rise to new approaches such as crowdsourc...
API security testing just got easier with 42Crunch's new scanner
Thursday, March 21, 2019 by Richard Harris
42Crunch officially released the 42Crunch API Platform, an API security cloud platform to discover vulnerabilities in APIs and protect them from attack. The 42Crunch Platform can protect SaaS, Web, or IoT APIs, as well as microservices.
This follows the launch of the free API Contract Security Audit tool at APISecurity.io earlier this month. The tool helps API d...
Kong Brain and Kong Immunity launches powered by AI and ML
Thursday, January 17, 2019 by Christian Hargrave
Kong Inc. has launched Kong Brain and Kong Immunity for its Kong Enterprise API platform. Powered by artificial intelligence (AI) and machine learning, the new, advanced features will help automate the entire API and service development lifecycle from pre-production to post-production to provide organizations with an intelligent, end-to-end API solution. By automating p...
What does the Kubernetes privilege escalation flaw mean
Tuesday, December 4, 2018 by Richard Harris
Bringing together powerful applications into containerized services that are open source can have its drawbacks, as recently discovered when Red Hat issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes.
Sumo Logic CSO, George Gerchow weighs in: "The Kubernetes vulnerability is a huge deal, even...
AI for cybersecurity
Tuesday, November 27, 2018 by Richard Harris
As organizations struggle to deal with the growing sophistication of hackers and the influx in data breaches, it's becoming clear that AI could be a critical tool for automatically defending applications from cyber attacks - but there are challenges to overcome. Ivan Novikov, the CEO of AI security company Wallarm, offers some insight below on how AI can be utilized...
IAST supports AppSec efficiencies while cutting costs and headaches
Monday, November 26, 2018 by Asma Zubair
It’s easy to feel passionate about interactive application security testing (IAST) in the world of application security. You see, IAST makes security testing almost invisible. It’s not something that requires a highly trained team to be brought in to carry out and analyze testing results. It doesn’t hold up other teams or processes from moving forward....
Speeding up SaaS deployments with Platform.sh
Friday, November 23, 2018 by Richard Harris
Organizations spend an inordinate amount of time and resources developing and maintaining infrastructure, which distracts from what should be their core focus: providing customers with valuable and engaging applications and digital experiences. Platform.sh allows companies to direct their attention towards accomplishing this primary goal by relieving them of the burden ...
New open source cloud discovery tool arrives from Twistlock
Thursday, November 15, 2018 by Christian Hargrave
Twistlock has released a new open source Cloud Discovery tool. Cloud Discovery gives enterprise infrastructure, operations, and security teams the ability to easily understand and quantify the size of their environment, and get a bird's-eye view of what cloud native services are running and where. The first release supports Amazon Web Services (AWS), Micro...