DevOps.com

Where the world meets DevOps

DevSecOps

Software Supply Chain Attacks

Software Supply Chain Attacks: How to Disrupt Attackers

| | open source, sdlc, security, SOC, Software Supply Chain, supply chain attacks
Supply chain attacks—compromising an organization via insecure components in its software supply chain—are a growing concern for organizations. Throughout the past three years, an increasing number of open source software package repositories ...
DevSecOps Embed Security into DevOps

DevSecOps: 10 Best Practices to Embed Security into DevOps

| | devops, devsecops, security, testing
For companies that employ the agile approach, DevOps seems like a natural extension. Traditionally, enterprises started with integration, development and test automation early in the product lifecycle. Gradually, the agile delivery team ...
API Security DevOps

API Security in DevOps: Are We Too Comfortable?

| | agile, API, devops security, security
Postman performed its annual survey of developers, and as this survey and many other surveys have shown, developers are generally comfortable with the level of API security that their organization has implemented ...
Service Meshes Improving Security Delivery Availability

Service Meshes: Improving Security, Delivery and Availability

| | CNI, container networking interface, container security, containers, microservices, service mesh
Containerized microservices are taking over the software world. These services provide developers a way to quickly create and deploy cloud-native applications. However, containers aren’t perfect. Orchestrating and managing container deployments can be ...
certificates

Certificates a Fly in the DevOps Ointment

| | certificate issuance policies, certificates, Cybersecurity, devops, devsecops, survey, Venafi
The way cybersecurity teams have managed certificates is turning out to be a major impedance that could best be addressed by more organizations adopting best DevSecOps practices in 2020. A survey of ...
OWASP API Security

Breaking Down the OWASP API Security Top 10, Part 2

| | API, API security, database management systems, injection vulnerability, OWASP, personal identifiable information, SQL injection
Due to the widespread usage of APIs, and the fact that attackers realize APIs are a new attack frontier, the OWASP API Security Top 10 Project was launched. From the beginning, the ...
Secure Network Integrate EDR DevOps

Secure Your Network: How to Integrate EDR and DevOps

| | devops challenges, devsecops, EDR, Endpoint Detection and Response
DevOps and Endpoint Detection and Response (EDR) solutions converge when no human element is required while deploying applications or detecting the threat and executing preventive measures. In this article, I am evaluating ...
Breaking Down the OWASP API Security

Best of 2019: Breaking Down the OWASP API Security Top 10, Part 1

| | API, API security, authentication endpoints, OWASP, secure coding
As we close out 2019, we at DevOps.com wanted to highlight the five most popular articles of the year. Following is the fifth in our weeklong series of the Best of 2019 ...
Engineering Approach to DevOps

Best of 2019: The Time Has Come for an Engineering Approach to DevOps

| | continuous delivery, devops, DevOps assessment, digital transformation, engineering, Engineering DevOps, Pillars
As we close out 2019, we at DevOps.com wanted to highlight the five most popular articles of the year. Following is the third in our weeklong series of the Best of 2019 ...
Infrastructure Ops Trends

Predictions 2020: Infrastructure and Ops Trends to Watch in 2020

| | devops, kubernetes, microservices, ops trends, Predict 2020, Predict 2020 Virtual Summit, serverless, service mesh, SRE
Today, modernizing systems is more than simply moving technology to a new location. It requires an IT stack of a new generation of technologies and tools to work. As we head into ...