Devops, SDLC and Tools - Information Technology Zone

7 types of tech debt that could cripple your business

CIO Business Intelligence

MARCH 25, 2025

Even modest investments in database tooling and paying down some data management debt can relieve database administrators of the tedium of manual updates or reactive monitoring, says Graham McMillan, CTO of Redgate. AI debt that will require significant rework Gen AI tools and capabilities are introducing new sources of technical debt.

Architecture

Architecture Devops Open Source Database Administration

Reimagine application modernisation with the power of generative AI

CIO Business Intelligence

JANUARY 15, 2025

The Software Development Life Cycle (SDLC) will be redefined and various job roles will merge into a unified, frictionless workbench of expert creation. Speed: Does it deliver rapid, secure, pre-built tools and resources so developers can focus on quality outcomes for the business rather than risk and integration?

Applications

Applications SDLC Agile Enterprise

Getting ahead of cyberattacks with a DevSecOps approach to web application security

CIO Business Intelligence

JUNE 20, 2023

According to GitLab’s 2023 Global DevSecOps Report , 56% of organizations report using DevOps or DevSecOps methodologies, growing roughly 10% from 2022, for improved security, higher developer velocity, cost and time savings, and better collaboration. What is DevSecOps?

Applications

Applications Security SDLC Devops

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Why Transparency and Trust Should Underscore DevOps

SecureWorld News

OCTOBER 25, 2024

The dynamic and ever-evolving world of DevOps requires businesses to deliver high-quality software, under pressure, at an accelerated pace. As cybersecurity concerns continue to grow, many organizations are also now embracing DevSecOps, integrating many security practices throughout the DevOps process.

Devops

Devops SDLC Agile Security

What Are Security Guardrails? Why Do They Matter to Your AppSec Program?

SecureWorld News

MAY 19, 2022

The wide adoption of cloud-native applications and infrastructure has propelled DevOps and a self-service culture enabling developers to go from code to cloud in hours. Security teams are entirely unprepared to govern and secure the modern SDLC in this agile world. What are security guardrails? What are security guardrails?

SDLC

SDLC Security Programming Devops

What Executives Should Know About Shift-Left Security

CIO Business Intelligence

FEBRUARY 24, 2023

By Zachary Malone, SE Academy Manager at Palo Alto Networks The term “shift left” is a reference to the Software Development Lifecycle (SDLC) that describes the phases of the process developers follow to create an application. Shifting security left in your SDLC program is a priority that executives should be giving their focus to.

Security

Security SDLC Applications Development

Is it worth measuring software developer productivity? CIOs weigh in

CIO Business Intelligence

DECEMBER 20, 2023

There are clearly tremendous tools in this space like GitHub Co-Pilot that developers can use to enhance and augment their productivity,” he says. An overall better measurement of how effective developers are is if we can get tools and experiences in our customers’ hands quicker, which will have an overall greater benefit,” he says.

Software Development

Software Development Software Software Development

5 Ways to Prevent Secret Sprawl

SecureWorld News

AUGUST 30, 2021

In the software development life cycle (SDLC), 85% of leaking secrets come from developers sharing information on public personal accounts. This goes to show just how important it is to have the proper training, procedures, and tools in place when it comes to combatting secret sprawl and leaks in your SDLC.

SDLC

SDLC Software Development Software Software

The DevSecOps Lifecycle: How to Automate Security in Software Development

ForAllSecure

MAY 2, 2023

This includes identifying security requirements, defining security policies , and selecting the appropriate security testing tools. However, the DevSecOps lifecycle follows the DevOps approach, which shifted the responsibility of deploying the application from operations teams to development teams.

Software Development

Software Development Software Software Development

How Fuzzing Redefines Application Security

ForAllSecure

JULY 8, 2021

” If we continue to rely on the same assumptions and apply simplified approaches to this complex problem, we only add the risk of adding yet another technique to the mix, forcing onto vendors another tool they must not only add, but also maintain as a part of their larger application security testing program. This is undesirable.

Applications

Applications Security Analysis SDLC

FuzzCon 2021 Addresses Ease-of-Use in Fuzz Testing

ForAllSecure

SEPTEMBER 9, 2021

The advent of CI/CD, DevOps, and Digital Transformation has rendered application security testing 1.0 These tools base their checkers and test cases on already known information -- CWEs and/or CVEs. We host FuzzCon because we believe in the importance of proliferating fuzz testing to every organization.

SDLC

SDLC Security Applications Analysis

Key Takeaways From ForAllSecure's, “Achieving Development Speed And Code Quality With Behavior Testing” Webinar

ForAllSecure

AUGUST 21, 2019

When guided fuzzing is coupled with a new research area known as symbolic execution, this accepted technique takes on automation and even autonomous characteristics that now allow it to fit seamlessly into DevOps environments to boost -- not hamper -- developer productivity.

Development

Development Security Devops Applications

The Evolution of Security Testing

ForAllSecure

JULY 27, 2021

A benchmarking study by the NSA Center for Assured Software found that the average SAST tool covers only 8 out of 13 weakness classes and finds only 22 percent of flaws in each weakness class. Based on these numbers, the average SAST tool is likely to find only 14 percent of the vulnerabilities in an application’s code.

Security

Security Applications Development SDLC

Key Takeaways From ForAllSecure's, “Achieving Development Speed And Code Quality With Behavior Testing” Webinar

ForAllSecure

AUGUST 21, 2019

When guided fuzzing is coupled with a new research area known as symbolic execution, this accepted technique takes on automation and even autonomous characteristics that now allow it to fit seamlessly into DevOps environments to boost -- not hamper -- developer productivity.

Development

Development Security Devops Applications

KEY TAKEAWAYS FROM FORALLSECURE’S, “ACHIEVING DEVELOPMENT SPEED AND CODE QUALITY WITH NEXT-GENERATION FUZZING” WEBINAR

ForAllSecure

AUGUST 21, 2019

When guided fuzzing is coupled with a new research area known as symbolic execution, this accepted technique takes on automation and even autonomous characteristics that now allow it to fit seamlessly into DevOps environments to boost -- not hamper -- developer productivity.

Development

Development Security Devops Applications

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

ForAllSecure

AUGUST 14, 2019

The cloud may help development and application teams move fast, but for security teams already dealing with alert fatigue, tool sprawl and legacy workflows, cloud adoption means a lot more stress. The SyTech projects exposed included social media monitoring solutions and TOR deanonymization tools. Pegasus is pricey.

Security

Security Applications Development Financial

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

ForAllSecure

AUGUST 14, 2019

The cloud may help development and application teams move fast, but for security teams already dealing with alert fatigue, tool sprawl and legacy workflows, cloud adoption means a lot more stress. The SyTech projects exposed included social media monitoring solutions and TOR deanonymization tools. Pegasus is pricey.

Security

Security Applications Development Financial

THE CYBERWIRE DAILY PODCAST EP. 389 WITH GUEST SPEAKER DAVID BRUMLEY

ForAllSecure

AUGUST 14, 2019

The cloud may help development and application teams move fast, but for security teams already dealing with alert fatigue, tool sprawl and legacy workflows, cloud adoption means a lot more stress. The SyTech projects exposed included social media monitoring solutions and TOR deanonymization tools. Pegasus is pricey.

Security

Security Applications Development Financial

Meet The Team Behind Mayhem: Come See Us At These Upcoming April 2023 Events

ForAllSecure

MARCH 31, 2023

DevSecOps Days DevOps Connect: DevSecOps at RSAC is a program within the RSA Conference that explores different ways to effectively integrate security into DevOps processes, discusses the emergence of security engineers in DevOps, and explores the role of developer security champions. Register for the RSA Conference here.

Meeting

Meeting Automotive Open Source Devops

Software is Infrastructure

ForAllSecure

OCTOBER 23, 2019

In addition, even the best tools required organizational effort to employ as the technique suffers from a fundamental issue of False Positives (the mis-identification of issues which are in fact _not_ defects). These tools generally work on fully developed/deployed applications which fundamentally shifts them rightmost in the SDLC.

Software

Software Software Analysis Programming

Software is Infrastructure

ForAllSecure

OCTOBER 23, 2019

In addition, even the best tools required organizational effort to employ as the technique suffers from a fundamental issue of False Positives (the mis-identification of issues which are in fact _not_ defects). These tools generally work on fully developed/deployed applications which fundamentally shifts them rightmost in the SDLC.

Software

Software Software Analysis Programming

SOFTWARE IS INFRASTRUCTURE

ForAllSecure

OCTOBER 23, 2019

In addition, even the best tools required organizational effort to employ as the technique suffers from a fundamental issue of False Positives (the mis-identification of issues which are in fact _not_ defects). These tools generally work on fully developed/deployed applications which fundamentally shifts them rightmost in the SDLC.

Software

Software Software Analysis Programming

Reimagine application modernisation with the power of generative AI

CIO Business Intelligence

JANUARY 15, 2025

The Software Development Life Cycle (SDLC) will be redefined and various job roles will merge into a unified, frictionless workbench of expert creation. Speed: Does it deliver rapid, secure, pre-built tools and resources so developers can focus on quality outcomes for the business rather than risk and integration?

Applications

Applications SDLC Agile Enterprise

Reimagine application modernisation with the power of generative AI

CIO Business Intelligence

JANUARY 15, 2025

The Software Development Life Cycle (SDLC) will be redefined and various job roles will merge into a unified, frictionless workbench of expert creation. Speed: Does it deliver rapid, secure, pre-built tools and resources so developers can focus on quality outcomes for the business rather than risk and integration?

Applications

Applications SDLC Agile Enterprise

Information Technology Zone

7 types of tech debt that could cripple your business

Reimagine application modernisation with the power of generative AI

Webinars

Trending Sources

Getting ahead of cyberattacks with a DevSecOps approach to web application security

Webinars

Why Transparency and Trust Should Underscore DevOps

What Are Security Guardrails? Why Do They Matter to Your AppSec Program?

What Executives Should Know About Shift-Left Security

Is it worth measuring software developer productivity? CIOs weigh in

5 Ways to Prevent Secret Sprawl

The DevSecOps Lifecycle: How to Automate Security in Software Development

How Fuzzing Redefines Application Security

FuzzCon 2021 Addresses Ease-of-Use in Fuzz Testing

Key Takeaways From ForAllSecure's, “Achieving Development Speed And Code Quality With Behavior Testing” Webinar

The Evolution of Security Testing

Key Takeaways From ForAllSecure's, “Achieving Development Speed And Code Quality With Behavior Testing” Webinar

KEY TAKEAWAYS FROM FORALLSECURE’S, “ACHIEVING DEVELOPMENT SPEED AND CODE QUALITY WITH NEXT-GENERATION FUZZING” WEBINAR

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

THE CYBERWIRE DAILY PODCAST EP. 389 WITH GUEST SPEAKER DAVID BRUMLEY

Meet The Team Behind Mayhem: Come See Us At These Upcoming April 2023 Events

Software is Infrastructure

Software is Infrastructure

SOFTWARE IS INFRASTRUCTURE

Reimagine application modernisation with the power of generative AI

Reimagine application modernisation with the power of generative AI

Stay Connected