Articles

Secure padlock Embedding Security in a DevOps World

Faster DevOps processes also create new challenges. It was difficult enough to add security into a traditional waterfall software development lifecycle with monthly or quarterly releases, but now software updates are released several times a day! What can developers do to build and maintain more secure applications? Here are some ways to encourage better security practices throughout the DevOps lifecycle.

Alex Humphrey's picture Alex Humphrey
Padlock on a fence 4 Keys to Protecting Your Data in a DevOps World

It may seem like the desires for end-to-end DevOps and protection of sensitive data are in conflict, but if done correctly, they can be two sides of the same coin. DevOps processes such as version control and delivery automation introduce the very measures needed to properly protect production data. The key to keeping data safe while using it during your DevOps process is to focus on these four areas.

Tom Austin's picture Tom Austin
Image of lock over code DevSecOps: Incorporate Security into DevOps to Reduce Software Risk

DevSecOps is a growing movement to incorporate security into DevOps practices in order to ensure flaws and weaknesses are exposed early on through monitoring, assessment, and analysis, so remediation can be implemented far earlier than traditional efforts. By failing fast with security testing, organizations reduce risk of a security incident and decrease the cost of rework.

Alan Crouch's picture Alan Crouch
left arrow Shift Left: Now for Open Source and Security Compliance

Shifting left has been focused on testing proprietary code earlier. But at what point in the lifecycle are you checking your open source compliance and ensuring you do not have security vulnerabilities? If you shift this process left and perform it earlier in your software development lifecycle, just like with testing, you can see the same benefits of saving time, money, and headaches.

Rami Sass's picture Rami Sass

Better Software Magazine Articles

cyber thief What if Someone Steals Your Code?

Bob Zeidman, an expert in software forensics, provides a great overview of how to protect your software from predators. You'll learn the difference between copyrights, trade secrets, and patents.

Bob Zeidman's picture Bob Zeidman
Pitfalls of Developing for the IoT

The Internet of Things (IoT) enables amazing software-powered devices designed to make our business and personal lives easier. Lev Lesokhin discusses four fundamental practices you'll need when developing sophisticated software for the IoT.

Lev Lesokhin's picture Lev Lesokhin
Your Professional Responsibility for Security and Performance

It is Johanna Rothman's belief that security and performance are no longer nonfunctional requirements in modern-day software development. Instead, we must prepare to accommodate security and performance needs in all projects.

Johanna Rothman's picture Johanna Rothman
A Radical View of Software Licensing and Piracy

Software vendors are making extraordinary efforts to protect the installation and use of apps, but have they gone too far? Preventing software piracy can have an adverse effect on genuine users. Software licensing  technology, according to Steve, needs to strike the best balance of protecting the asset while trusting the customer.

Steven Cholerton's picture Steven Cholerton

Interviews

Gene Gotimer Understanding the Role of QA in DevOps: An Interview with Gene Gotimer
Video

Gene Gotimer, senior architect at Coveros Inc., discusses understanding the role of QA in DevOps, DevOps educational tools, trusting your team, and paid and open source security tools.

Jennifer Bonine's picture Jennifer Bonine
Mike Faulise Giving Control Back to Software Developers: An Interview with Mike Faulise
Video

In this interview, Michael Faulise, the founder and managing partner at tap|QA, explains how the move toward DevOps and away from release management is giving control back to developers, then details why major companies often need partners to leverage CI, CD, and other modern techniques.

Jennifer Bonine's picture Jennifer Bonine
Jeff Payne Why You Need to Take Security and DevOps Seriously: An Interview with Jeff Payne
Video

In this interview, Jeff Payne, the CEO and cofounder of Coveros, explains why major companies just aren’t that good at security. He discusses how you can better protect your business, as well as why DevOps can and should be a key to your success.

Jennifer Bonine's picture Jennifer Bonine
Jeff Payne Getting Started with Security Testing: An Interview with Jeff Payne
Video

In this interview, Jeff Payne, the CEO and founder of Coveros, talks about software security. He discusses the Internet of Things and how it relates to safety-critical devices, some useful tools, how testers can test for security, and how DevOps pushes that process earlier in your lifecycle.

Jennifer Bonine's picture Jennifer Bonine

Conference Presentations

Agile DevOps West What Japanese Shinkansen Trains Can Teach Us about Agile
Slideshow

Have you ever been to Japan and noticed that their railway system is incredibly efficient? As places like Tokyo continue to expand and the cost of living rises, more and more people rely on trains that start hours away from the city to arrive on time. This allows passengers to make their connections to other trains networks and metros that will take them to their final destination. In 2017, over 420 million passengers boarded Shinkansen trains that had an average delay of only 24 seconds! Not to mention that in the 55 years of operation, the Shinkansen has had no injuries due to collision accidents, only 2 derailments, and zero fatalities. Matthew Weinstock walks you through agile principles and practices that are used to keep the trains in Japan running on time, as well as being used to constantly improve their technology, reliability and safety.

Matthew Weinstock
STAREAST Security Partners or Security Police?
Slideshow

It’s often said that with great power comes great responsibility. As technology becomes more powerful, security becomes a great responsibility. You’ve read all the books, followed the latest updates on all the blogs and forums, or maybe you just have a gut feeling that there’s a potential for disaster. As software testers, is it our job to be the security police? If you don’t protect the public, who will? Then there is the business—who is going to protect them from themselves? You go into meetings ready to save the day only to be shot down or, even worse, ignored. What went wrong? Why were you so easily dismissed? Join Janna Loeffler and Yesenia Yser as they talk about how to be the Secret Service of software security instead of the security police. They’ll talk about some simple actions you can take to increase the security of your software without policing it.

Janna Loeffler
STAREAST Visual Regression Testing: A Critical Part of a Mobile Testing Strategy
Slideshow

There are many types of testing that companies need to perform in order to have confidence in their product: security testing, integration testing, system testing, performance testing, and more. Often, mobile developers focus on ensuring that main end-to-end flows of their applications work by relying on frameworks like Appium or Robotium. However, in the mobile domain, visual testing is essential because mobile devices differ drastically in capabilities, display dimensions, and even operating systems. Visual regression testing targets specific areas of visual concepts like layouts, responsive design, graphics, and CSS. Because modern mobile applications are built as hybrid and native applications, there is no way to scale this sort of testing using manual resources, so visual test automation must be a crucial piece of the testing stack.

Dmitry Vinnik
Agile DevOps East Serverless Security: Overcome Architectural Security Challenges
Slideshow

Serverless architectures take the idea of microservices to the extreme. To implement secure serverless architectures, you have to understand how to compartmentalize programs at the function level. You also need to factor in security practices: Serverless architectures are susceptible to traditional attacks such as SQL injection and command injection, along with a wide variety of privilege escalation and sensitive data disclosure attacks. Developers must consider what would happen if an attacker attempted to invoke each of their functions directly. What if one of those functions were to become nonresponsive? Designing, implementing, and maintaining serverless architectures dramatically increases the complexity of security. Join Eric Sheridan as he discusses how to implement distributed, secure identity management and entitlement enforcement across 250+ functions.

Eric Sheridan

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.