DevOps at its heart leads to continual improvement in software through continuous deployment: develop, deploy, and repeat. But continuous deployment requires lots of changes to that software on a weekly or even daily basis. As you well know, change can be the enemy of security.
So how do we maintain security in software created in continuous deployment environments?
Security challenges & solutions in continuously deployed software
Hackers frequently target specific vulnerabilities that allow cross-site scripting and SQL injection. Defensive programming seals these holes using input validation, where you check all input into an application and reject any harmful input. “You simply don’t allow input sequences that could be used to inject code into a browser or database,” says Tom Stiehm, CTO, Coveros.
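The input validation described above can be written as an allow-list check that runs before any value reaches a template or query. The following is an added example, not code from the article or from Coveros; the form fields, limits, and function names are hypothetical.

```python
import re
import unicodedata

# Hypothetical allow-list rules for a sign-up form: max length and full-value pattern.
RULES = {
    "username": (32, re.compile(r"[A-Za-z0-9_.-]{3,32}")),
    "email": (254, re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")),
    "age": (3, re.compile(r"[0-9]{1,3}")),
}


class RejectedInput(ValueError):
    """Raised when a submitted value fails validation."""


def validate(form):
    """Return a cleaned copy of form, or raise RejectedInput on the first bad field."""
    unknown = set(form) - set(RULES)
    if unknown:
        raise RejectedInput(f"unexpected fields: {sorted(unknown)}")
    clean = {}
    for field, (max_len, pattern) in RULES.items():
        value = form.get(field)
        if not isinstance(value, str):
            raise RejectedInput(f"{field}: missing or not a string")
        # Normalise before matching so the value that is checked is the value stored.
        value = unicodedata.normalize("NFKC", value)
        if len(value) > max_len or not pattern.fullmatch(value):
            raise RejectedInput(f"{field}: value not allowed")
        clean[field] = value
    return clean


def is_accepted(form):
    """True if every field passes its rule, False if the form is rejected."""
    try:
        validate(form)
    except RejectedInput:
        return False
    return True


# Constructed sample submissions: one valid, three that must be rejected.
SAMPLES = [
    {"username": "alice_01", "email": "alice@example.com", "age": "34"},
    {"username": "<script>alert(1)</script>", "email": "a@example.com", "age": "34"},
    {"username": "bob", "email": "bob@example.com", "age": "1 OR 1=1"},
    {"username": "carol", "email": "carol@example.com", "age": "29", "role": "admin"},
]
```

Because the rules describe what is allowed rather than what is forbidden, the same assertions can run in the deployment pipeline on every change without maintaining a list of known-bad sequences.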