Devsecops

Devsecops | News, how-tos, features, reviews, and videos

programmer abstract code glasses devops certification skills kevin unsplash
iot security startups hot highlights planets rocket lock security

noops devops automated developers ai code by andrey suslov

NIST workshop provides clues to upcoming software supply chain security guidelines

Experts at a NIST-sponsored workshop weigh in on what might be in the final version of the Biden executive-order-mandated supply chain security guidelines.

female developer programmer devops next generation it staff

Software composition analysis explained, and how it identifies open-source software risks

SCA tools give insight into open-source software components and the vulnerabilities they have.

Conceptual image of a password amid hexadecimal code.

4 tools to prevent leaks in public code repositories

Use these tools to find your company's exposed secrets in repositories such as GitLab, GitHub, or Google Cloud Build before attackers do.

programmer developer devops apps developer code hacker dark secrets by peopleimages getty

How software reliability can help drive software security

Adopting both devsecops and site reliability engineering concepts increases software availability and security by improving stability and shortening time to implement fixes.

noops code developer devops html web developer by mazimusnd getty

NIST's new devsecops guidance to aid transition to cloud-native apps

The NIST guidance dives into technical and procedural nuances associated with implementing devsecops with cloud-native applications and microservices architectures.

programmer developer devops apps developer code hacker dark secrets by peopleimages getty

10 top API security testing tools

Application programming interfaces have become a favorite target for attackers. These tools and platforms (both commercial and open source) will help identify errors, vulnerabilities, and excessive permissions.

blind spot side view mirror car vehicle

Security blind spots persist as companies cross-breed security with devops

As devops matures into devsecops, cultural obstacles continue to exert drag.

vulnerable breach cyberattack hacker

Securing CI/CD pipelines: 6 best practices

Criminals are exploiting vulnerabilities in continuous integration/continuous delivery pipelines to steal sensitive information, mine cryptocurrencies, and deliver malicious code.

Hands use a keyboard at a desktop display showing lines of code in a dimly lit workspace.

Securing infrastructure as code: Perils and best practices

Some organizations are leaving themselves vulnerable when they adopt an infrastructure-as-code approach. Here's how to avoid misconfigurations and insecure templates.

vulnerable breach cyberattack hacker

How API attacks work, and how to identify and prevent them

Attackers know how to get around WAFs and API gateways when targeting APIs. Here's how some companies are coping with the rapid increase in API attacks.

Missed target arrows bullseye

7 most common ways to fail at devsecops

Devsecops initiatives are fraught with peril and require careful consideration of culture, learning, process and business needs. Here's how companies tend to fail in those areas.

Check mark certificate in a binary tunnel / standards / quality control / certification / certifi

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain.

Tech Spotlight   >   Cybersecurity [CSO]   >   Hands cradle an abstract, virtual security matrix.

Cybersecurity in 2021: Stopping the madness

The challenges are greater than ever. But security pros have learned a lot – and with luck, the right strategic defenses can help even the highest-value targets withstand severe attacks.

Triangular alert with exclamation mark amid abstract binary and sketches of scattered books.

Dependency confusion explained: Another risk when using open-source repositories

Dependency confusion is a newly discovered logic flaw in the default way software development tools pull third-party packages from public and private repositories. Here's what you need to know.

What it takes to become an information assurance analyst

This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...

Fraud prevention: Improving internal controls

Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.

information security 2

How to write an information security policy

Learn the critical first step, why consensus is key, what to cover and how make your information security policy — and program — effective.

Red team versus blue team: How to run an effective simulation

Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.

Load More