We use cookies to deliver you the best experience on our website. By continuing to use our website, you consent to our cookie usage and revised Privacy Statement.

Filter By:



Recent Blogs & Podcasts

Insights Portal

\ AppDev


August 23, 2018 | Application Development and Testing
By Kevin Beaver, IANS Faculty

 Secure Lab/Test Environments Effectively

Lab and test environments are seldom hardened, patched or properly managed. In this Ask-an-Expert written response, IANS Faculty Kevin Beaver recommends going beyond policy and offers tips to ensure test/lab environments meet baseline security requirements.

Read More »

August 15, 2018 | DevOps Organization and Strategy
By Jason Gillam, IANS Faculty

 Shift Left: Drive the Sec into DevSecOps

In the fast-moving world of Agile and DevOps environments, security needs to become an integral part of the continuous integration/continuous delivery (CI/CD) process. In this report, IANS Faculty Jason Gillam examines the tactics and strategies of successful DevSecOps organizations and discusses ways to foster the right organizational mindset to get everyone on the same page.

Read More »

August 15, 2018 | DevOps Organization and Strategy

 DevSecOps Workflow

DevOps is about changing how we think and work to accommodate the scale and speed of today’s cloud-based solutions. This “Shift Left” DevSecOps workflow provides a roadmap for ensuring security teams are also immersed in this new way of thinking and working. 

Read More »

August 14, 2018 | Penetration Testing and Red Teaming
By Dave Shackleford, IANS Faculty

 Pros and Cons of Crowdsourced Penetration-Testing

Crowdsourced penetration-testing offers many benefits, not the least of which is the ability to perform more frequent tests to better reflect the dynamic nature of application updates. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford outlines the pros and cons of crowdsourced pen-testing and underscores the need to adopt the right mindset.

Read More »

August 3, 2018 | AppDev Frameworks

 Container Security Checklist

Several security elements are the same for both container-based design and traditional use of virtual machines, but they have some fundamental differences as well. This checklist steps through the process of hardening the container host system, securing the daemon, implementing network management and more.

Read More »

August 1, 2018 | AppDev Frameworks
By Josh More, IANS Faculty

 Containerization: Know the Pros and Cons

As more DevOps organizations shift from virtualization technologies to container platforms like Docker, they quickly find configuring and locking down these container environments is no easy task. In this report, IANS Faculty Josh More details the advantages and risks of containerization tools, and offers tips for securing them properly.

Read More »

May 17, 2018 | Threat Intelligence and Modeling
By Jake Williams, IANS Faculty

 Threat Modeling: Three Basic Approaches to Consider

With so many threat modeling approaches available, how do you choose the right one for your particular environment? In this Ask-an-Expert written response, IANS Faculty Jake Williams recommends three approaches designed to help model threats against PaaS and IaaS cloud assets, in addition to a range of other attacks.

Read More »