Безопасность • DZone Security • 10 января 2022 г. 16:28

If you’re an SRE, you’ve almost certainly heard all about Log4Shell, the Log4j vulnerability that some analysts are calling the worst software security flaw in decades. And you’ve also hopefully by now patched any systems you manage to fix the vulner...... читать далее

security devops vulnerabilities observability sre log4j incident management incident response mitigation log4shell

Безопасность • DZone Security • 7 января 2022 г. 12:44

What is Zero Trust? Zero Trust is a security model that enables the DevSecOps team to deal with vulnerabilities that have arisen with massive digital transformations like cloud adoption, decentralized infrastructure, and container technologi...... читать далее

security devops devsecops zero trust

DevOps • DZone DevOps • 6 января 2022 г. 17:57

DevOps is renowned for fast methodologies, increased security (in the form of DevSecOps), as well as the quick and easy scalability of software development projects. These advantages make it essential for companies to embrace the DevOps culture as a...... читать далее

devops aws aws ec2 aws and devops aws security aws services aws cloudformation aws devops aws rds aws iam

Безопасность • DZone Security • 6 января 2022 г. 16:47

In my previous two articles, we discussed Kubernetes security and created a guideline for enhancing K8s. If you haven't read them yet, here are the links: Hardening Your Kubernetes Cluster - Threat Model (Pt. 1)... читать далее

kubernetes devsecops container security pod

Безопасность • DZone Security • 5 января 2022 г. 11:36

A good DevSecOps strategy goes beyond having the right tools and processes in place: it requires consistent and crucially, bi-directional feedback and learning. Both security and engineering teams have such different priorities and strengths, but tha...... читать далее

collaboration devsecops learning and education bi-directional learning cross-team learning

DevOps • DZone DevOps • 5 января 2022 г. 2:36

Our profession evolves every year, whether through the introduction of a new tool, a new cloud service, or a new working method. This constant evolution requires the establishment of a learning culture to continuously share experiences and ideas, thu...... читать далее

devops kubernetes training devsecops skills observability gitops chaos engineering certification courses course content

DevOps • Автоматизация и DevOps • 20 декабря 2021 г. 14:10

Всем привет! На Хабре вышла новая статья по теме безопасной разработки и DevSecOps: "Безопасная разработка: какую часть Sec занимает в DevSecOps". Сохраню тут копию.Меня зовут Тимур Гильмуллин, я руководитель направления по построению процессов...... читать далее

DevOps DevSecOps безопасность разработка

Безопасность • DZone Security • 20 декабря 2021 г. 8:51

In today’s software development culture, there is an ever-increasing need for management to drive empowerment within their teams. You need to seek out, identify, and empower someone who can act as your team’s security champion. Find at least one cham...... читать далее

application security appsec best practices devsecops integration developer culture security champions

Безопасность • DZone Security • 19 декабря 2021 г. 16:23

Quick Overview The gravest cyber threat of modern times is upon us in the form of CVE-2021-44228. Here are some key resources: CVE-2021-44228: Apache Log4j <=2.14.1 JNDI features do not protect against attacker controlled LDAP and other JNDI rel...... читать далее

security tutorial devsecops appsec infosec open source security log4j2

Безопасность • DZone Security • 19 декабря 2021 г. 16:10

Digital transformation and the speed at which applications are developed and deployed is moving at a rapid pace. Businesses have always competed to see who can be the first to respond to customer needs, mainly in hopes of capturing some of a competit...... читать далее

security devsecops application security appsec

Безопасность • DZone Security • 18 декабря 2021 г. 18:17

The huge advances in 'Shift Left' processes makes it possible to deliver code to production that is secure and largely free from vulnerable dependencies. Among other things, these processes typically involve matching dependencies against public vulne...... читать далее

cyber security devsecops application security information security open source security kubernetes security vulnerability management runtime security

DevOps • DZone DevOps • 18 декабря 2021 г. 17:08

DevSecOps is an abbreviation for development, security, and operations. It’s an approach to software development that encourages the inclusion of security as a shared responsibility throughout the software development lifecycle. Simply put, DevSecOps...... читать далее

security tutorial devops devsecops circleci domain data services webshrinker

Разработка • dev.to • 16 декабря 2021 г. 18:47

TLDR: Download the OSS Log4j Vulnerability Scanning Tools from the JFrog GitHub repository to assess potential Log4j vulnerabilities in your source code or binaries It is estimated that half of all global enterprises have been impacted by the Log4j...... читать далее

log4j java binaries devsecops

DevOps • DZone DevOps • 15 декабря 2021 г. 20:18

With the term "DevOps" gaining popularity every day, there is increased curiosity as to how one can become a DevOps Engineer. If you are curious as to how to become a DevOps Engineer, this article goes on to detail on DevOps, the skills required for...... читать далее

tutorial devops interview questions steps become devops engineer salary for devops engineer

DevOps • DZone DevOps • 15 декабря 2021 г. 19:00

The Need for Speed With Quality The slow speed of feedback to the dev team through the results of manual tests decreases productivity significantly. Re-executing manual tests in every iteration of SDLC is not a sustainable pattern in current world. T...... читать далее

test automation devsecops continuous testing security best practices shift left testing shift left security test pyramid

DevOps • ubuntu.com • 13 декабря 2021 г. 11:35

With rising unit shipments and hardware spending, 2021 will go into the record books as a critical year in the ever-increasing adoption of connected devices. Ubuntu – the modern, open-source Linux operating system for the enterprise server, desktop,...... читать далее

Embedded Linux Internet of things IoT Ubuntu Ubuntu Core

DevOps • DZone DevOps • 8 декабря 2021 г. 14:12

Believe it or not, the year 2022 is right around the corner! So what does next year have in store for the rapidly changing, ever-evolving software world? From code reviews to DevOps, software testing, and tech companies’ culture, here are 22 software...... читать далее

security devops python ai cloud native and kubernetes coding standards trend and forecast trends in ai trends in tech

Безопасность • DZone Security • 7 декабря 2021 г. 10:14

Every company is a software company today, and things change drastically in the software industry. Therefore, organizations are required to be more agile to cope with the ever happening changes in the industry. While DevOps methodologies focused on s...... читать далее

security

Безопасность • DZone Security • 1 декабря 2021 г. 3:54

Serverless reduces a lot of operational burdens, but a secure architecture is still your responsibility. From web threats over IAM principles to auditing and monitoring, learn more about securing serverless architectures in this 2-parter infographic:... читать далее

devops aws serverless devsecops appsec presentation serverless architecture app security secret management iam policy

Безопасность • DZone Security • 29 ноября 2021 г. 19:31

While the relationship between software development and security hasn't always been harmonious, recent research suggests the two are becoming much more aligned. In one study, almost half of developers said they had prioritized learning or improving A...... читать далее

devops developer devsecops appsec code security