AppSec Blog: Category - SecDevOps

Exploring the DevSecOps Toolchain

The authors of the SANS Institute's DEV540 Secure DevOps & Cloud Application Security course created the Secure DevOps Toolchain poster to help security teams create a methodology for integrating security into the DevOps workflow. As you can see, the poster breaks DevOps down into 5 key phases and includes a massive list of open … Continue reading Exploring the DevSecOps Toolchain

Your Secure DevOps Questions Answered

As SANS prepares for the 2nd Annual Secure DevOps Summit, Co-Chairs Frank Kim and Eric Johnson are tackling some of the common questions they get from security professionals who want to understand how to inject security into the DevOps pipeline, leverage leading DevOps practices, and secure DevOps technologies and cloud services. If you are … Continue reading Your Secure DevOps Questions Answered

Taking Control of Your Application Security

Application security is hard. Finding the right people to perform application security work and manage the program is even harder. The application security space has twice as many job openings as candidates. Combined that with the fact that for every 200 software engineers there is only 1 security professional, how do we staff a … Continue reading Taking Control of Your Application Security Automated Hardening Framework

Editors Note: Today's post is from Jim Bird. Jim is the co-founder and CTO of a major U.S.-based institutional trading service, where he is responsible for managing the company's technology organization and information security program. Automated configuration management tools like Ansible, Chef and Puppet are changing the way that organizations provision and manage their … Continue reading Automated Hardening Framework