In Las Vegas, agile and DevOps leaders discuss challenges and approaches for driving transformations that actually work.
Application Security pioneer and OWASP co-founder Jeff Williams discusses software supply chain attacks with Coveros CEO Jeff Payne.
Software security expert and CEO Jeff Payne discusses best practices for protecting your software delivery process from supply chain attacks in our next Coveros Conversation.
Explore some pros and cons of Bottlerocket, the Linux-based open-source operating system by Amazon Web Services for running containers.
Explore four different threat modeling methodologies—STRIDE, PASTA, Trike, VAST—and assess their strengths and weaknesses.
Dependency Checking Your Ruby Application
Checking your application’s dependencies for known vulnerabilities is a critical, relatively low effort step you should take to secure your application, which you may have read about in another recent article: What is SCA? Compared to the wealth of tools used for dependency checking in, for example, JavaScript, there’s not […]
One of the most prevalent issues that continue to vex application developers is weaknesses in database security that open us to exploit. Database security is a broad subject, and I will not cover all the security issues here but want to provide context and understanding around some of the more common vulnerabilities. In this blog, […]
Application security, or AppSec, is hard. For development teams, it often comes into development late in a release cycle and demands changes to the software that seem unreasonable. For the AppSec team, being introduced to a project after the application has been designed and much of the code has been written means there will be […]
Gene Gotimer, senior architect at Coveros Inc., discusses understanding the role of QA in DevOps, DevOps educational tools, trusting your team, and paid and open source security tools.
Every day organizations incorporate DevSecOps into their software development, security, and operations practices to ensure they can build critical security controls into their agile software delivery. According to one survey, 84 percent of respondents said it’s difficult to reduce risk to their applications because they’re not able to monitor, detect, and prevent attacks at the application level. […]