AppSec Blog

Exploring the DevSecOps Toolchain

The authors of the SANS Institute's DEV540 Secure DevOps & Cloud Application Security course created the Secure DevOps Toolchain poster to help security teams create a methodology for integrating security into the DevOps workflow. As you can see, the poster breaks DevOps down into 5 key phases and includes a massive list of open …


Your Secure DevOps Questions Answered

As SANS prepares for the 2nd Annual Secure DevOps Summit, Co-Chairs Frank Kim and Eric Johnson are tackling some of the common questions they get from security professionals who want to understand how to inject security into the DevOps pipeline, leverage leading DevOps practices, and secure DevOps technologies and cloud services. If you are …


Continuous Opportunity - DevOps and Security

Thank you to everyone at the Minnesota ISSA chapter for the opportunity to share some background on DevOps and some ideas about how security teams can benefit by adopting DevOps practices & tools. The presentation slides are available here: Continuous Opportunity- DevOps and Security. To learn more about DevOps and Cloud Security, check out …


2017 Application Security Survey is Live!

Our 2016 application security survey, led by Dr. Johannes Ullrich, saw AppSec Programs continuously improving. In this year's 2017 survey led by Jim Bird, we will be looking at how AppSec is keeping up with rapidly increasing rates of change as organizations continue to adopt agile development techniques and DevOps. The survey is officially …


Taking Control of Your Application Security

Application security is hard. Finding the right people to perform application security work and manage the program is even harder. The application security space has twice as many job openings as candidates. Combine that with the fact that for every 200 software engineers there is only 1 security professional, how do we staff a …