Insights Portal: AppDev



August 15, 2018 | DevOps Organization and Strategy
By Jason Gillam, IANS Faculty

 Shift Left: Drive the Sec into DevSecOps

In the fast-moving world of Agile and DevOps environments, security needs to become an integral part of the continuous integration/continuous delivery (CI/CD) process. In this report, IANS Faculty Jason Gillam examines the tactics and strategies of successful DevSecOps organizations and discusses ways to foster the right organizational mindset to get everyone on the same page.



August 15, 2018 | DevOps Organization and Strategy

 DevSecOps Workflow

DevOps is about changing how we think and work to accommodate the scale and speed of today’s cloud-based solutions. This “Shift Left” DevSecOps workflow provides a roadmap for ensuring security teams are also immersed in this new way of thinking and working. 



August 14, 2018 | Penetration Testing and Red Teaming
By Dave Shackleford, IANS Faculty

 Pros and Cons of Crowdsourced Penetration-Testing

Crowdsourced penetration-testing offers many benefits, not the least of which is the ability to perform more frequent tests to better reflect the dynamic nature of application updates. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford outlines the pros and cons of crowdsourced pen-testing and underscores the need to adopt the right mindset.



August 3, 2018 | AppDev Frameworks

 Container Security Checklist

Several security elements are the same for both container-based design and traditional use of virtual machines, but they have some fundamental differences as well. This checklist steps through the process of hardening the container host system, securing the daemon, implementing network management and more.



August 1, 2018 | AppDev Frameworks
By Josh More, IANS Faculty

 Containerization: Know the Pros and Cons

As more DevOps organizations shift from virtualization technologies to container platforms like Docker, they quickly find configuring and locking down these container environments is no easy task. In this report, IANS Faculty Josh More details the advantages and risks of containerization tools, and offers tips for securing them properly.



May 17, 2018 | Threat Intelligence and Modeling
By Jake Williams, IANS Faculty

 Threat Modeling: Three Basic Approaches to Consider

With so many threat modeling approaches available, how do you choose the right one for your particular environment? In this Ask-an-Expert written response, IANS Faculty Jake Williams recommends three approaches designed to help model threats against PaaS and IaaS cloud assets, in addition to a range of other attacks.



February 15, 2018 | DevOps Organization and Strategy
By Dave Shackleford, IANS Faculty

 Best Practices in Container Security

While many organizations are deploying containers for all kinds of applications, few fully understand - and implement - strong container security today. In this Ask-an-Expert live interaction, IANS Faculty Dave Shackleford recommends ways to secure the underlying platform and ensure the integrity of repositories, in addition to other best practices.



January 31, 2018 | Vulnerability Assessment and Management
By Marcus Ranum, IANS Faculty

 Structure a Low-Profile Bug Bounty Program

While Google's bug bounty program is well designed and provides rich rewards, not every organization can operate at that high level. In this Ask-an-Expert live interaction, IANS Faculty Marcus Ranum describes how to build a well-structured, low-profile program that encourages participation using a more realistic reward scale. 



January 9, 2018 | Penetration Testing and Red Teaming
By Shannon Lietz, IANS Faculty

 Best Practices for Working with Bug Bounty Programs

Bug bounty programs like HackerOne, Bugcrowd and Synack can help organizations uncover code flaws before the bad guys do, but what are the best ways to leverage them without busting the budget? In this Ask-an-Expert live interaction, IANS Faculty Shannon Lietz explains the importance of solid security basics and preparation prior to engagement. 



December 13, 2017 | DevOps Organization and Strategy
By Shannon Lietz, IANS Faculty

 Secure DevOps Requires Focus on Components and Developer Responsibility

Determining where, when and how to scan for vulnerabilities within a DevOps environment isn't straightforward. In this Ask-an-Expert live interaction, IANS Faculty Shannon Lietz recommends focusing early in the process to create secure components, while also fostering a culture where developers take responsibility for the security of their own code.
