InfoZen enables pre-deployment patching for DevOps coding

For this review, InfoZen was brought in to create a fully end-to-end DevOps scanning solution using their InfoZen Cloud and DevOps Practice service. Even within our admittedly tiny test environment, the benefits of the InfoZen toolset and automatic processes were obvious.


DevOps, a combination of the words 'development' and 'operations', has come to mean a lot of different things. It can describe a movement, a cultural shift, or any new practice that emphasizes the role of collaboration and communication between software developers and other IT professionals, such as the system administrators who will be overseeing the operations and security of the programs that developers create. In general, DevOps also includes automation as part of its deployment to help speed things along.

It was not surprising that DevOps scanning tools made Gartner's list of hot cybersecurity product groups, because as DevOps continues to evolve, it has taken on a greater role in terms of security. Within cybersecurity, deploying DevOps generally involves fixing errors and vulnerabilities in a program’s code while it is still being written.

Prior to DevOps, developers often would create a program, which could consist of thousands or even millions of lines of code, and then give it to IT teams to deploy. Then IT teams would be faced with dealing with the fallout from things like zero-day exploits, code vulnerabilities or even errors in how the program operated. Most of the time, code would then be sent back to the developers to be reworked and fixed, a lengthy process that might create even more errors or security vulnerabilities. This inefficient process also tended to hide cybersecurity vulnerabilities, which sometimes only came to light after an attacker exploited them.

Writing code using a DevOps process is different. Following those wise old sayings like “measure twice, cut once,” or “a stitch in time saves nine,” writing code using DevOps means finding and fixing errors as the program is being created — long before the deployment phase. In an ideal world, the final code delivered to IT teams for deployment is, thus, free from errors or vulnerabilities.

But reaching that level of success, where the final code is both secure and error-free, is not easy. While tools exist to handle the individual parts of the DevOps chain, it normally requires an experienced integrator to link them together, add automation, and keep everything running smoothly over time. For this review, InfoZen was brought in to create a fully end-to-end DevOps scanning solution using their InfoZen Cloud and DevOps Practice service. The company is currently offering the same type of services for several federal agencies.

Putting DevOps scanning to the test

For this test, an extremely simple website was constructed to use as an example of a program or project where DevOps could be applied. In truth, the program was so simple that it was unknown if there would be any vulnerabilities lurking in the code. It basically asked users what they wanted for lunch and then gave several choices of restaurants in the area, displaying information like menu items for whichever one was selected.
