Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Admired Tech

    Agile

    AI Healthcare

    Artificial Intelligence

    Augmented Reality

    Aviation

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Drone

    HPC

    Internet of Things

    IT Services

    Marine Tech

    Networking

    Plastic Tech

    PropTech

    Robotics

    Sensor Tech

    Simulation

    Smart City

    Software Testing

    Startup

    Storage

    Unified Communication

    Web Development

    Wireless

  • Automotive

    Banking

    Capital Market

    Compliance

    Construction

    E-Commerce

    Education

    FinTech

    Food and Beverages

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Travel and Hospitality

  • Google

    IBM

    Microsoft

    Oracle

    Salesforce

    SAP

    ServiceNow

  • Business Intelligence

    CEM

    Cognitive

    Collaboration

    Contact Center

    Corporate Finance

    CRM

    Data Center

    Digital Signage

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Communications

    Enterprise Performance Management

    ERP

    Facility Management

    Field Service

    Fleet Management

    Gamification

    HR Technology

    IT Infrastructure

    IT Service Management

    Managed Services

    PLM

    Procurement

    Project Management

    RegTech

    Revenue Management

    Sales Tech

Menu
    • Amazon
    • Automotive
    • HPC
    • Capital Market
    • Collaboration
    • CEM
    • Drone
    • Facility Management
    • Fleet Management
    • Food and Beverages
    • Business Intelligence
    • IBM
    • Insurance
    • IT Infrastructure
    • Legal
    • Marine Tech
    • Networking
    • Plastic Tech
    • Procurement
    • RegTech
    • Sensor Tech
    • Simulation
    More
    Fleet Management Food and Beverages Business Intelligence IBM Insurance IT Infrastructure Legal Marine Tech Networking Plastic Tech Procurement RegTech Sensor Tech Simulation
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • News
    • DevOps
    Editor's Pick (1 - 4 of 8)
    left
    Service Management in the Age of Digitization

    Douglas Duncan, CIO, Columbia Insurance Group

    Devops- 'Aligning the Future of Software Deployment'

    Herry Wiputra, CTO

    Compliance @ The Speed of Thought

    Patrick S. Kelso, Head of Devops Consulting - Anz Region, UST Global

    On the Evolution of Agile to DevOps

    Carmen DeArdo, DevOps Speaker, Consultant, Author and DevOps Leader, Nationwide

    Building the New Paradigm of Next-Gen DevOps Management

    Marc Priolo, VP, City National Bank

    A Crash Course in Low-Code Software: What it is, What it Does, Why it Matters

    Karen Astley, Vice President Asia-Pacific, Appian

    Meeting the Intelligent Data Management needs of 2019

    Shaun McLagan, Senior Vice President, Asia Pacific and Japan, Veeam Software

    Bridging the T&E Compliance Gap in a New Era of Business Travelers

    Madanjit Singh, Managing Director, South East Asia, SAP Concur

    right

    DevSecOps : Enhanced Security Assurance

    By Apac CIO Outlook | Wednesday, August 14, 2019
    Tweet

    DevSecOps principlesAccording to Verizon’s data breach report, utmost infringement occurs at an application level, and only three to four percent of annual security budget is granted for protecting applications. With DevSecOps, vulnerabilities can be minimized by shifting security left in software delivery pipeline and bring security nearer to IT and business.

    In a recent XebiaLabs webinar, James Wickett discussed three principles for incorporating security into complete DevOps lifecycle.

    With the help of bulkhead patterns, application dependants can be separated by the codes that are uniquely designed (the main idea behind this is to design for failure). All the elements of an application are to be isolated so that if one fails, the other can function properly. Bulkheads are put into little heads which are formed after splitting big services in the process of microservices movement. Though microservices have their limitations, they are great for security.

    Threat modeling illustrates the components that make applications work seamlessly in identifying the potential risks and mitigate the effects of threats to the system. Testing the vulnerabilities across all components of an application’s lifecycle can be done by few methods—adversity testing, Security as code, and vulnerability testing. Vulnerabilities can be identified by injecting advertising testing tools into the security pipeline. Metasploit, Nikto, and Arachni are the major hacking tools used by hackers to enter into the site for identifying weaknesses.

    DevSecOps strives to push security practices into software lifecycle so that assured security is derived. SAST (static application security testing), DAST (dynamic application security testing), and IAST (interactive application security testing) are the few applications used for testing vulnerabilities. These analyze the application behavior in the testing phase to help developers prioritize vulnerability findings.

    Continuous delivery of security is possible only when the main causes of vulnerabilities are evaluated, the results are integrated back into the software development process to avoid the repeated occurrence of the same mistake. Hiding information prolongs the exposure for vulnerabilities.

    DevSecOps shifts security from reactive to proactive that is supported by different techniques like test-driven development and attack driven defense. It champions the importance of security at every level and empowers security staff to make decisions that have a positive influence on business. DevSecOps is growing all the time, with an increasing number of organizations implementing it as a solution for security issues.

          Check out: Top Homeland Security Solution Companies

    Read Also

    Containers Attracting Attention from Developers

    Containers Attracting Attention from Developers
    DevOps Produces Deeper Solution for Deep Learning

    DevOps Produces Deeper Solution for Deep Learning
    Building an Enterprise API? DevOps is the Formula!

    Building an Enterprise API? DevOps is the Formula!
    DevOps Practices to Drive Scalability, the Success Catalyst

    DevOps Practices to Drive Scalability, the Success Catalyst

    Weekly Brief

    loading

    New Editions

    Copyright © 2019 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://www.apacciooutlook.com/news/devsecops-enhanced-security-assurance-nwid-5684.html