No Retros | DevSecOps Anti-Patterns

Owen Gotimer: Hello everyone. My name is Owen Gotimer. I’m the community manager at TechWell. I’m joined today by Tom Stiehm, the CTO at Coveros. Tom, thanks for joining me today.
Tom Stiehm: Thanks for having me.
Owen Gotimer: So the anti-pattern we’re going to talk about is no retros.
Tom Stiehm: So what happens […]

No Production-Like Test Environment | DevSecOps Anti-Patterns

Owen Gotimer: Hello everyone. My name is Owen Gotimer. I’m the community manager at TechWell. I’m joined today by Tom Stiehm, the CTO at Coveros. Tom, thanks for joining me today.
Tom Stiehm: Thanks for having me.
Owen Gotimer: Another anti-pattern we can chat about is not having a production-like test environment. What are the […]

Continuous Build | DevSecOps Anti-Patterns

Owen Gotimer: Hello everyone. My name is Owen Gotimer. I’m the community manager at TechWell. I’m joined today by Tom Stiehm, the CTO at Coveros. Tom, thanks for joining me today.
Tom Stiehm: Thanks for having me.
Owen Gotimer: Tom, we’re gonna chat about some DevOps and DevSecOps anti-patterns. Do you want to give a […]

Never Changing the Incentive Program | DevSecOps Anti-Patterns

Owen Gotimer: Hello everyone. My name is Owen Gotimer. I’m the community manager at TechWell. I’m joined today by Tom Stiehm, the CTO at Coveros. Tom, thanks for joining me today.
Tom Stiehm: Thanks for having me.
Owen Gotimer: Tom, we’re going to chat about some DevOps and DevSecOps anti-patterns, and the first one I […]

What is RASP?

RASP stands for Runtime Application Self-Protection. Like IAST, it is agent-based: it watches your software run and tries to determine whether something is attacking it. IAST’s goal is to detect an attack by recognizing certain behavior. RASP adds a layer to that by recognizing that something is attacking it […]

What is IAST?

IAST stands for Interactive Application Security Testing. The basic idea is that you have software that watches your application running (usually in a Java or .NET environment, using what is called the profiling API); it observes everything that happens in your application and tries to determine whether that activity is somehow attacking the software. […]

Shifting Security Left: The Innovation of DevSecOps

Application security, or AppSec, is hard. For development teams, it often enters the picture late in a release cycle and demands changes to the software that seem unreasonable. For the AppSec team, being introduced to a project after the application has been designed and much of the code has been written means there will be […]

Hiring for Agile Team Members

One of my colleagues recently asked me how I interview people who have agile experience listed on their resume. I gave him some pointers, and it got me thinking, “How do I interview for agile experience?” So, building on the thoughts I gave him, here is what I do. I start by looking at […]
