How To and SDLC - Information Technology Zone

Scaling security: How to build security into the entire development pipeline

CIO Business Intelligence

OCTOBER 31, 2023

These advocates can help identify risks and misconfigurations in the code and receive training on how to address them. Some teams know they have to shift left with security, but they don’t know how to do it in a meaningful way,” Panesar said. That’s where our Golden Process documents can help.

Security

Security Development How To SDLC

7 types of tech debt that could cripple your business

CIO Business Intelligence

MARCH 25, 2025

Open source dependency debt that weighs down DevOps As a software developer, writing code feels easier than reviewing someone elses and understanding how to use it. One area CIOs can control is governing whether and how to implement customization to avoid business rule complexities wired into code.

Architecture

Architecture Devops Open Source Database Administration

How to make your developer organization more efficient

CIO Business Intelligence

SEPTEMBER 1, 2023

Employing automation for tasks that many engineers face throughout their SDLC helps to shift focus towards human value-add activities. Reducing manual tasks through automation Automating manual tasks and repetitive processes is crucial for increasing developer efficiency.

Development

Development How To SDLC Engineering

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Cider Security launches application security platform

Venture Beat

MARCH 7, 2022

Cider Security aims to help users gain transparency over the software development life cycle (SDLC) from code development to deployment, while identifying risks in the environment and receiving recommendations on how to improve its overall security posture. Read More.

SDLC

SDLC Security Applications Software Development

Creep

A CIO's Voice

OCTOBER 27, 2010

As managers we know the productivity of the resources involved and how to allocate them, sometimes the requirements gathering fails and so does estimating costs and scheduling deliverables. Users do not know how to communicate what they need. How to prevent scope creep? This is often the case with application development.

SDLC

SDLC Project Management Applications Software Development

Cider Security launches application security platform

Venture Beat

MARCH 8, 2022

Cider Security aims to help users gain transparency over the software development life cycle (SDLC) from code development to deployment, while identifying risks in the environment and receiving recommendations on how to improve its overall security posture. Read More.

SDLC

SDLC Security Applications Software Development

Is it worth measuring software developer productivity? CIOs weigh in

CIO Business Intelligence

DECEMBER 20, 2023

Therefore, engineering leadership should measure software developer productivity, says Mann, but also understand how to do so effectively and be wary of pitfalls. Streamlining to optimize productivity Agile software development is essential to innovate and retain competitiveness.

Software Development

Software Development Software Software Development

Oracle Business Intelligence Migration with FlexDeploy

Flexagon

MARCH 11, 2021

FlexDeploy’s growing investment in Oracle Business Intelligence products makes it simple to incorporate CI/CD best practices into your SDLC.

Business Intelligence

Business Intelligence Oracle SDLC Enterprise

Four Phases of Maturing Enterprise Agile Development

Social, Agile and Transformation

FEBRUARY 16, 2010

Your coach will probably have a program, but heres one on How to Implement Scrum in 10 Easy Steps. Establish the SDLC - As youre team completes iterations successfully, the teams practices will begin to gel into a process. Also, see my Top Ten Thoughts for SCRUM Newbies. Cant believe I wrote this almost a year ago!). product lines?

Agile

Agile Development Enterprise Enterprise

The DevSecOps Lifecycle: How to Automate Security in Software Development

ForAllSecure

MAY 2, 2023

In this blog post, we will explore the DevSecOps lifecycle, which software development lifecycle approach is most compatible with DevSecOps principles, and how to automate DevSecOps testing in your organization. Improved software quality : Integrating security into the SDLC improves the overall quality of the software.

Software Development

Software Development Software Software Development

Your AST Guide for the Disenchanted: Part 4

ForAllSecure

OCTOBER 6, 2020

SDLC Phase. Pre-Deployment and post-deployment (vendor dependent); AST solutions integrated earlier in the SDLC is desired for DevSecOps. Until next time… In this post of AST Guide for the Disenchanted , we covered how to address known vulnerabilities using SCA as a part of your DevSecOps pipeline.

SDLC

SDLC Analysis Open Source Applications

Your AST Guide for the Disenchanted: Part 4

ForAllSecure

OCTOBER 6, 2020

SDLC Phase. Pre-Deployment and post-deployment (vendor dependent); AST solutions integrated earlier in the SDLC is desired for DevSecOps. Until next time… In this post of AST Guide for the Disenchanted , we covered how to address known vulnerabilities using SCA as a part of your DevSecOps pipeline.

SDLC

SDLC Analysis Open Source Applications

Your AST Guide for the Disenchanted: Part 4

ForAllSecure

SEPTEMBER 25, 2020

SDLC Phase. Pre-Deployment and post-deployment (vendor dependent); AST solutions integrated earlier in the SDLC is desired for DevSecOps. Until next time… In this post of AST Guide for the Disenchanted , we covered how to address known vulnerabilities using SCA as a part of your DevSecOps pipeline.

SDLC

SDLC Analysis Open Source Applications

3 Reasons Developers Should Shift Left for API Security

ForAllSecure

DECEMBER 6, 2022

In the traditional software development life cycle (SDLC), all testing occurs just before the deployment phase. How Mayhem for API Can Help: Mayhem for API flags your API defects in real time, commit-by-commit or build-by-build , and provides you with context for each issue, including: Hints that describe the problem.

Development

Development Security SDLC Software

Can Application Security Testing Be Fixed?

ForAllSecure

SEPTEMBER 15, 2021

At the end of the day, developers merely want to know what the bug is and how to fix it. While static analyzers may be “good” at finding “stuff”, that quantity does not necessarily equate to value. They want one bug for the problem, not forty. At that point, you really ought to do it, Shoenfield advises.

Applications

Applications Security SDLC Analysis

Good, Fast, Cheap: Can CIOs Have them All

Future of CIO

DECEMBER 20, 2012

It is becoming increasingly possible to achieve all three with different/creative SDLC methodologies, cloud technologies (IaaS, PaaS) and appropriate leveraging of global solutions. The problem, therefore, isn't just in the SDLC, but rather in business oversight and process governance. Follow us at: @Pearl_Zhu.

SDLC

SDLC Agile Architecture Applications

Leveraging Fuzz Testing to Achieve ED-203A / DO-356A

ForAllSecure

JUNE 7, 2021

For example, Microsoft includes fuzzing in their Security Development Lifecycle (SDLC), and Google uses fuzzing on all components of the Chrome web browser. How to map fuzz testing to ED-203A / DO-356A. Teams at Google, for example, report that 80% of all bugs are found via fuzzing, up to 98.6%

Analysis

Analysis Security Software Software

Leveraging Fuzz Testing to Achieve ED-203A / DO-356A

ForAllSecure

JUNE 7, 2021

For example, Microsoft includes fuzzing in their Security Development Lifecycle (SDLC), and Google uses fuzzing on all components of the Chrome web browser. How to map fuzz testing to ED-203A / DO-356A. Teams at Google, for example, report that 80% of all bugs are found via fuzzing, up to 98.6%

Analysis

Analysis Security Software Software

Three Aspects of Enterprise Architecture Governance

Future of CIO

OCTOBER 26, 2013

But what’re the correlations of Enterprise Governance, EA Governance and IT Governance, and how to achieve high performing business results based on high mature governance? EA governance is a coherent set of rules defined up-front, if possible all decisions are taken by the consensus otherwise it is a choice of the chief architect.

Architecture

Architecture Government Enterprise Enterprise

The Evolution of Security Testing

ForAllSecure

JULY 27, 2021

Fuzz testing is a heavy-weight yet versatile DAST solution that is able to conduct multiple types of testing across the SDLC. Guided fuzzers can be powerful with guidance from a technical security expert to help inform the fuzzer how to traverse through the code. It’s also proven technology.

Security

Security Applications Development SDLC

The Hacker Mind Podcast: Hacking With Light And Sound

ForAllSecure

SEPTEMBER 29, 2020

In fact, it's so easy we demonstrated this at a elementary school museum where the museum shows kids how to use lasers to inject voices. I show six year old children how to put their voice in here with the laser beam it's it's really not that hard. But really it’s not. Fu: It's not even that hard. Once you understand the physics.

Research

Research Engineering Examples System

The Hacker Mind Podcast: Hacking With Light And Sound

ForAllSecure

SEPTEMBER 29, 2020

In fact, it's so easy we demonstrated this at a elementary school museum where the museum shows kids how to use lasers to inject voices. I show six year old children how to put their voice in here with the laser beam it's it's really not that hard. But really it’s not. Fu: It's not even that hard. Once you understand the physics.

Research

Research Engineering Examples System

The Hacker Mind Podcast: Hacking With Light And Sound

ForAllSecure

SEPTEMBER 28, 2020

In fact, it's so easy we demonstrated this at a elementary school museum where the museum shows kids how to use lasers to inject voices. I show six year old children how to put their voice in here with the laser beam it's it's really not that hard. But really it’s not. Fu: It's not even that hard. Once you understand the physics.

Research

Research Engineering Examples System

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

ForAllSecure

AUGUST 14, 2019

David Brumley: [00:07:01] I think everyone accepts the notion, and they're trying to figure out how to implement it right now. Dave Bittner: [00:07:05] And so how is that going? This 20 minute podcast is available for listening below. The full transcript is also available below.

Security

Security Applications Development Financial

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

ForAllSecure

AUGUST 14, 2019

David Brumley: [00:07:01] I think everyone accepts the notion, and they're trying to figure out how to implement it right now. Dave Bittner: [00:07:05] And so how is that going? This 20 minute podcast is available for listening below. The full transcript is also available below.

Security

Security Applications Development Financial

THE CYBERWIRE DAILY PODCAST EP. 389 WITH GUEST SPEAKER DAVID BRUMLEY

ForAllSecure

AUGUST 14, 2019

David Brumley: [00:07:01] I think everyone accepts the notion, and they're trying to figure out how to implement it right now. Dave Bittner: [00:07:05] And so how is that going? This 20 minute podcast is available for listening below. The full transcript is also available below.

Security

Security Applications Development Financial

Meet The Team Behind Mayhem: Come See Us At These Upcoming April 2023 Events

ForAllSecure

MARCH 31, 2023

Webinar: How to Increase Test Coverage (And Confidence!) With Mayhem for API In this webinar, you'll learn how to increase your API testing coverage and build confidence in your code with Mayhem. Learn how to set up Mayhem for API testing and configure it to meet your testing needs. We’d love to meet you!

Meeting

Meeting Automotive Open Source Devops

What CEOs really need from today’s CIOs

CIO Business Intelligence

AUGUST 3, 2022

But don’t attempt to create a modern software development lifecycle (SDLC) on an industrial era infrastructure. It is a mindset that lets us zoom in to think vertically about how we deliver to the farmer, vet, and pet owner, and then zoom out to think horizontally about how to make the solutions reusable, scalable, and secure.

Architecture

Architecture Software Software Cloud

Key Takeaways From ForAllSecure's, “Achieving Development Speed And Code Quality With Behavior Testing” Webinar

ForAllSecure

AUGUST 21, 2019

While SAST have their place in the SDLC and offer tremendous benefits, they unfortunately are not the ideal technique for automation and autonomous security testing. On the other hand, symbolic execution slowly yet methodically systemizes and informs how to intelligently craft inputs.

Development

Development Security Devops Applications

Key Takeaways From ForAllSecure's, “Achieving Development Speed And Code Quality With Behavior Testing” Webinar

ForAllSecure

AUGUST 21, 2019

While SAST have their place in the SDLC and offer tremendous benefits, they unfortunately are not the ideal technique for automation and autonomous security testing. On the other hand, symbolic execution slowly yet methodically systemizes and informs how to intelligently craft inputs.

Development

Development Security Devops Applications

KEY TAKEAWAYS FROM FORALLSECURE’S, “ACHIEVING DEVELOPMENT SPEED AND CODE QUALITY WITH NEXT-GENERATION FUZZING” WEBINAR

ForAllSecure

AUGUST 21, 2019

While SAST have their place in the SDLC and offer tremendous benefits, they unfortunately are not the ideal technique for automation and autonomous security testing. On the other hand, symbolic execution slowly yet methodically systemizes and informs how to intelligently craft inputs.

Development

Development Security Devops Applications

Information Technology Zone

Scaling security: How to build security into the entire development pipeline

7 types of tech debt that could cripple your business

Webinars

Trending Sources

How to make your developer organization more efficient

Webinars

Cider Security launches application security platform

Creep

Cider Security launches application security platform

Is it worth measuring software developer productivity? CIOs weigh in

Oracle Business Intelligence Migration with FlexDeploy

Four Phases of Maturing Enterprise Agile Development

The DevSecOps Lifecycle: How to Automate Security in Software Development

Your AST Guide for the Disenchanted: Part 4

Your AST Guide for the Disenchanted: Part 4

Your AST Guide for the Disenchanted: Part 4

3 Reasons Developers Should Shift Left for API Security

Can Application Security Testing Be Fixed?

Good, Fast, Cheap: Can CIOs Have them All

Leveraging Fuzz Testing to Achieve ED-203A / DO-356A

Leveraging Fuzz Testing to Achieve ED-203A / DO-356A

Three Aspects of Enterprise Architecture Governance

The Evolution of Security Testing

The Hacker Mind Podcast: Hacking With Light And Sound

The Hacker Mind Podcast: Hacking With Light And Sound

The Hacker Mind Podcast: Hacking With Light And Sound

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

The CyberWire Daily Podcast EP. 389 With Guest Speaker David Brumley

THE CYBERWIRE DAILY PODCAST EP. 389 WITH GUEST SPEAKER DAVID BRUMLEY

Meet The Team Behind Mayhem: Come See Us At These Upcoming April 2023 Events

What CEOs really need from today’s CIOs

Key Takeaways From ForAllSecure's, “Achieving Development Speed And Code Quality With Behavior Testing” Webinar

Key Takeaways From ForAllSecure's, “Achieving Development Speed And Code Quality With Behavior Testing” Webinar

KEY TAKEAWAYS FROM FORALLSECURE’S, “ACHIEVING DEVELOPMENT SPEED AND CODE QUALITY WITH NEXT-GENERATION FUZZING” WEBINAR

Stay Connected