Security for Startups in a DevOps World: Maintenance and Management - Security Boulevard

Note: This is the second installment in a blog series on startup security in a DevOps world (read the first here). This series is an adaptation of an e-book published in 2017, which was originally contributed to by JumpCloud CEO Rajat Bhargava and guest contributors Alan Shimel and Ben Tomhave. Read their bios below.

When working with technology, startups need to think about security concerns — both initially, when planning infrastructure and choosing solutions, and on an ongoing basis to proactively secure their applications and environment. 

Because startups move quickly and need to remain agile, we recommend they work ongoing security into their existing workflows and cycles and look for security enablers and accelerators within their current tools and environment. The DevOps approach is one of the best ways to accomplish this, as it facilitates fast implementation, quick changes, and better success rates. This blog will discuss ways to approach ongoing security for applications, patch management, logging and monitoring, and incident management with a DevOps mindset. 

Application Security

The DevOps approach offers significant advantages for application development, deployment, and ongoing improvement, from more frequent code deployments to fewer failed change implementations and less outage-induced downtime. With this in mind, it’s important to take a DevOps approach to application security as well as to development and deployment. Start by incorporating these three key lessons from DevOps that make application security more important and tangible to development teams:

1. You break it, you fix it!

In keeping with the culture of DevOps, resolution of security issues should be owned by the developers, not by security personnel. It’s one thing to allow a security expert to follow up and ensure timely remediation, but culturally, it’s important that developers realize they own the responsibility.

2. Fail fast, learn faster! 

Shortening feedback cycles is a critical element of DevOps, and this includes security. Application security testing (AST) should occur as early in the process as possible, and feedback should be delivered directly to developers so that they can more readily own and resolve any issues.

3. Mistakes are okay, but avoidance (Read more...)

Source: https://securityboulevard.com/2021/07/security-for-startups-in-a-devops-world-maintenance-and-management/
