Early in the software engineering journey, there were primarily developers. Developers had a wide array of accountabilities: designing, coding, testing, deploying, maintaining, and more. Quality was inherently built in and championed by the triad of the customer, the business, and the developers. As we scaled, we segmented these responsibilities across roles, which came with both […]
Owen Gotimer Hello everyone. My name is Owen Gotimer. I’m the community manager at TechWell. I’m joined today by Tom Stiehm the CTO at Coveros. Tom, thanks for joining me today. Tom Stiehm Thanks for having me. Owen Gotimer Tom, we’re going to chat about some DevOps and DevSecOps anti-patterns, and the first one I […]
Scrum. Kanban. Lean. XP. SAFe. RUP. Scrum of Scrums. There are many frameworks available to organizations that are maturing their agile software development process. However, the use of some frameworks can help reinforce agile behaviors, while others can be degenerative and actually drive an organization to revert to more waterfall-like software development. The choice of […]
While it is nice when an enterprise recognizes the value of getting everyone working together in an end-to-end value stream, the reality is that’s not where most DevOps initiatives start. Often, one particular silo decides there is value in working more closely with others and seeks ways to do so. I call this “DevOps in […]
Artificial intelligence is one of the fastest growing fields in the technology world, but there’s still a lot of uncertainty surrounding what truly qualifies as AI, the different types of AI, and how quickly AI is advancing. First, it’s important to set a framework about what AI is. While there isn’t one accepted definition, most […]
Welcome to the second half of my two-part blog on Understanding Session Management. In part 1, we covered what was session management and started digging into some possible attack types associated with this vulnerability. Here we will continue to look into other associated attack types. 4. Cross-Site Request Forgery (CSRF) – Severity: High “Cross-Site Request […]
Session Management has always been one of the OWASP Top 10. Take a look of the most recent two OWASP Top 10s. Top 10, 2013: A2 – Broken Authentication and Session Management Top 10, 2017: A2 – Broken Authentication Under the description of A2 of Top 10, 2017, it says, “Application functions related to authentication […]
What is application security, or AppSec? Let’s talk about web application security first. OWASP was created in 2001 and has been known as the best community for web application security. Volumes of online resources for web application security defects, security testing, and security projects have been produced by OWASP. Yet web application security is only […]
(…and 1 that Doesn’t!) In my last blog post, I discussed why agile feedback is such an integral practice for high-performing teams. Feedback allows teams to effectively collaborate, communicate, and iterate to create a high-quality, polished product. While these qualities are always important, practice is even more invaluable during a time of physical distancing. When […]
In the current world climate of a global pandemic, many companies have transitioned to working from home. But there are many professionals, including myself, that have worked from home even before the emergence of COVID-19. Working from home can be a difficult transition, especially if it was sudden, but there are many tips and tricks […]
