DevSecOps and automated security

Need to deliver code quickly without compromising security? Get independent, expert information on DevSecOps approaches, including shift left and other ways to build security into the SDLC. Read about automated security testing tools and security testing best practices in software development.

December 15, 2021 15 Dec'21
Log4j vulnerability nightmare: A DevSecOps wake-up call

DevSecOps can help mitigate the Log4j vulnerability, but it's unclear whether this latest cybersecurity crisis will bring about lasting adoption in the industry.
December 10, 2021 10 Dec'21
'Shift left' doesn't complete DevSecOps story for fintech

An online banking SaaS company trained its developers to code securely, but API security also required "shifting right" to bolster production-level monitoring tools and training.
December 01, 2021 01 Dec'21
AWS DevSecOps tools build in advanced features

Enterprises stand to benefit from new AWS DevSecOps features, even if they don't use them, as analysts say they set a new baseline for third-party vendors to differentiate against.
September 23, 2021 23 Sep'21
Logistics firm refreshes SecOps, replaces EDR with XDR

A refresh of SecOps tools led Flexport to Uptycs, enabling the firm to centralize security monitoring and incident response for endpoints and cloud resources.

Bring yourself up to speed with our introductory content

bug

In computer technology, a bug is a coding error in a computer program. Continue Reading
SQL injection

A SQL injection is a technique that attackers use to gain unauthorized access to a web application database by adding a string of malicious code to a database query. Continue Reading
obfuscation

Obfuscation means to make something difficult to understand. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Cloud application developers need built-in security

Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs. Continue Reading
Sonatype Nexus vs. JFrog: Pick an open source security scanner

Chances are your organization relies on open source code. But how do you manage code vulnerabilities? Find a product best suited for your needs in this Sonatype Nexus vs. JFrog comparison. Continue Reading
What's in store for software development trends in 2020?

New year, new IT priorities. While not all initiatives stick, these development and testing trends will shape how teams create, evaluate and deploy software. Get ahead of the curve. Continue Reading

Learn to apply best practices and optimize your operations.

SAST vs. DAST vs. IAST: Security testing tool comparison

Before your team decides upon a security testing tool, take into account both the methods and limitations of SAST, DAST and IAST. Consider what each approach brings to the table. Continue Reading
Why developers should consider automated threat modeling

Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier? Continue Reading
7 SOC automation use cases to augment security operations

Implementing SOC automation can have far-reaching benefits for an organization's infosec program and security culture. Learn how by exploring these seven use cases of AI in SOCs. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How to mitigate Log4Shell, the Log4j vulnerability

The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading
3 steps to secure codebase updates, prevent vulnerabilities

Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe. Continue Reading
How to patch your open source software vulnerabilities

No matter how big your software vulnerabilities backlog has grown, here's how you can tackle it, and get on the path to continuous security monitoring. Continue Reading