Recent Blogs & Podcasts



July 20, 2017 | AppDev Frameworks
By Dave Shackleford, IANS Faculty

 Container Security Best Practices

Ensuring containers like Docker remain secure is critical, because any missed issues may end up propagating throughout an environment. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford offers some tips and best practices for deploying containers securely. 


July 18, 2017 | AppDev Frameworks
By Jason Gillam, IANS Faculty

 Agile, DevOps and Security: A Primer

As more organizations adopt DevOps and Agile development methodologies, security needs to both understand and participate in the transition. In this Ask-an-Expert written response, IANS Faculty Jason Gillam provides an overview of Agile and DevOps, as well as tips for ensuring security is seamlessly integrated and aligned in the process going forward.


July 11, 2017 | Software Development Lifecycle (SDLC)
By Jason Gillam, IANS Faculty

 Get Up to Speed on the Agile SDLC

Shifting from Waterfall to Agile can be frustrating for security teams that aren't well versed in Agile's nuances. In this Ask-an-Expert written response, IANS Faculty Jason Gillam explains the philosophy behind Agile, details the SDLC and shows how it can be used to improve software security over time. 


May 25, 2017 | Software Development Lifecycle (SDLC)
By Diana Kelley, IANS Faculty

 The 10 Commandments of Secure App Dev

Recommendations about what constitutes good application security throughout the software development life cycle (SDLC) abound, but what are the most critical areas to focus on? In this Ask-an-Expert written response, IANS Faculty Diana Kelley presents her take on the top 10 commandments of secure application development.


May 18, 2017 | Cloud Application and Data Controls
By Dave Shackleford, IANS Faculty

 Security-as-Code: A Key to Cloud Security

Businesses are moving faster to the cloud and DevOps is accelerating scale and pushing automation. But how do we secure DevOps and cloud deployments? In this report, IANS Faculty Dave Shackleford explores the concept of security-as-code and details how security teams must fully assess their threats, collaborate with DevOps and automate scanning and configuration to ensure a secure migration to the cloud. 


May 12, 2017 | Application Development and Testing
By Jason Gillam, IANS Faculty

 Outsourcing Application Security Testing

Outsourcing dynamic application security testing (DAST), especially since it involves automated tools like AppScan and Burp, should be relatively straightforward. That is, until you consider the importance of the human element. In this Ask-an-Expert live interaction, IANS Faculty Jason Gillam suggests staff augmentation and developer training as more cost-effective and efficient ways to free up internal staff.


March 31, 2017 | DevOps Organization and Strategy
By Michael Pinch, IANS Faculty

 Making Threat Modeling an Integral Part of the Development Process

Threat modeling is a critical part of the mature software delivery process, especially in DevOps environments, but ensuring it's integrated effectively and seamlessly can be tricky. In this Ask-an-Expert written response, IANS Faculty Mike Pinch offers some tips for inserting threat modeling into the development process, along with some key tools to consider.


March 9, 2017 | AppDev Frameworks
By Jason Gillam, IANS Faculty

 Deploying Containers Securely

Developers love containers because they are quick, simple to use and allow for easier scaling of hardware resources, but few pay much attention to the security issues they present. With containers in the mix, how can security organizations ensure their developers aren’t continually copying and pasting security issues across the environment? In this report, IANS Faculty Jason Gillam steps you through the worst of the pitfalls to ensure your organization rolls out more secure containerized solutions.
