As we outlined in previous research, Generative AI assistants known as TuringBots can serve as powerful tools to address some of the broader software development challenges. Specifically they help to automate a wide range of tasks throughout the software development life cycle (SDLC).
The Software Development Life Cycle (SDLC) will be redefined and various job roles will merge into a unified, frictionless workbench of expert creation. Speed: Does it deliver rapid, secure, pre-built tools and resources so developers can focus on quality outcomes for the business rather than risk and integration?
All in all, he said, it is a “complete set of tools (though not perhaps the ones every individual admin/engineer would have picked) for an MVP [minimum viable product] data service. PostgreSQL and MySQL are perfectly fine relational databases (though you would wonder why not MariaDB), RabbitMQ is great, and Valkey is fine.”
Even modest investments in database tooling and paying down some data management debt can relieve database administrators of the tedium of manual updates or reactive monitoring, says Graham McMillan, CTO of Redgate. AI debt that will require significant rework: Gen AI tools and capabilities are introducing new sources of technical debt.
First termed in the Gartner Hype Cycle for Cloud Security, 2021, a cloud-native application protection platform (CNAPP) is, as the name implies, a platform approach for securing applications that are cloud-native across the span of the software development lifecycle (SDLC) of the applications. How did it originate?
By integrating security practices into the DevOps process, DevSecOps aims to ensure that security is an integral part of the software development life cycle (SDLC). This caused significant bottlenecks in the SDLC and was not conducive to DevOps methodologies, which emphasize development velocity.
Unlike conventional tools, its proprietary semantic reasoning technology understands application logic and behavior in real time, allowing it to detect complex security flaws, including business logic vulnerabilities, API misconfigurations, and runtime threats, that other solutions often miss.
So, how can we instill the security mindset, tooling, and process more to the left to minimize disruption?” The tools not only flag vulnerabilities but also provide just-in-time remediation guidance to the application teams. I’m incredibly proud of how technologists at Discover have collaborated to shift left on security.
Streamlining development through tools, knowledge, community: DevWorx is a program that simplifies the developer experience, streamlines work, and frees up time to innovate. Employing automation for tasks that many engineers face throughout their SDLC helps to shift focus towards human value-add activities.
1. Determining target areas: AI is being used in many different use cases, from enterprise off-the-shelf productivity tools to tailor-made solutions. According to an April 2024 IDC study, CIOs will oversee AI resources in 53 percent of surveyed organizations.[2] CIOs must decide which priorities come first.
By Zachary Malone, SE Academy Manager at Palo Alto Networks. The term “shift left” is a reference to the Software Development Lifecycle (SDLC) that describes the phases of the process developers follow to create an application. Shifting security left in your SDLC program is a priority that executives should be giving their focus to.
Security teams are entirely unprepared to govern and secure the modern SDLC in this agile world. Providing tools and processes to ensure developers can build secure software by default has long been recognized as the best way to avoid security pitfalls and prevent security bugs from being introduced in the SDLC.
By making security considerations visible throughout the SDLC, teams can proactively address potential risks and build more secure software products. Utilize version control systems and monitoring tools to maintain a transparent audit trail of bug reports, feature requests, and code changes.
The supply chain attack zeroed in on a single component of the SolarWinds Orion IT management tool, used by over 30,000 customers, that sent small amounts of telemetry data back to the vendor. Similarly, a compliance tool that plugs into corporate cloud email systems demands read-and-write access to all user mailboxes.
The traditional SDLC [software development life cycle] of requirements gathering and approval is polite and professional, but it’s slow. That requires IT to say, ‘I appreciate your need for a new tool, but how does that help with what we are doing in other parts of the company? The pandemic created the need for a different approach.
There are clearly tremendous tools in this space like GitHub Co-Pilot that developers can use to enhance and augment their productivity,” he says. An overall better measurement of how effective developers are is if we can get tools and experiences in our customers’ hands quicker, which will have an overall greater benefit,” he says.
In the software development life cycle (SDLC), 85% of leaking secrets come from developers sharing information on public personal accounts. This goes to show just how important it is to have the proper training, procedures, and tools in place when it comes to combatting secret sprawl and leaks in your SDLC.
Establish the SDLC - As your team completes iterations successfully, the team's practices will begin to gel into a process. How will you roll out tools that multiple teams can utilize in a semi-uniform way? Approximately 30-40% into the pilot project, begin work on the SDLC and the Business / IT relationship - ideally simultaneously.
This is Part 1 of a three-part series tackling the topic of generative AI tools. In the realm of generative AI tools, such as Language Learning Models (LLMs), it is essential to take a comprehensive approach toward the development and deployment. Why should AI get a pass on S (Secure) SDLC methodologies?
This is a bold statement, especially in the world of application security where strategies are around tool augmentation and diversification, leading to frequent rotation of tools within product security programs. When organizations choose to implement fuzzing in the SDLC, they’re coming in with a different level of commitment.
This includes identifying security requirements, defining security policies , and selecting the appropriate security testing tools. This involves the use of tools and processes to automatically build, test, and deploy code changes to production environments. Today, many development teams trigger deployments using continuous delivery.
Software composition analysis (SCA) tools can scan binaries to uncover known vulnerabilities. SDLC Phase: Pre-Deployment and post-deployment (vendor dependent); AST solutions integrated earlier in the SDLC are desired for DevSecOps. The majority of software composition analysis tools conduct white-box analysis.
Many R&D teams have come to this realization and have armed their developers with static application security testing (SAST) tools that promise to teach their developers to build security into their code. SDLC Phase: Pre-Deployment; AST solutions integrated earlier in the SDLC are desired for DevSecOps. Running state.
An application security testing strategy that utilizes different kinds of application security testing tools offers the best coverage by discovering vulnerabilities from each risk category. Static Application Security Testing (SAST), or static analysis tools uncover bugs by analyzing source code.
From tooling selection, to value justification, to organizational buy-in, to strategy building, these experts reference their 50+ years of collective industry experience to reveal their personal tips, tricks, and cautionary tales. “You can easily build piles of findings with various tools. Some tools are limited on input type.
accessiBe has introduced accessFlow 2.0, an upgraded version of its AI-powered web accessibility tool, designed to help developers embed accessibility directly into their code. By equipping developers and project managers with advanced tools and actionable insights, accessFlow 2.0
Mayhem for API is an API testing tool that uses fuzzing automation technology to give developers detailed API testing results in less than five minutes. In the traditional software development life cycle (SDLC), all testing occurs just before the deployment phase. What Is Mayhem for API? Produce Software With Fewer Defects.
When looking for the ideal fuzz testing tool, Shoenfield shares his opinion on what’s needed: straightforward, integrates naturally in the SDLC/IDE, automates processes, delivers understandable and reliable results, indicates faulty code, and is affordable. Oh, did he also mention that your attackers are fuzzing your code?
In addition, even the best tools required organizational effort to employ as the technique suffers from a fundamental issue of False Positives (the mis-identification of issues which are in fact _not_ defects). These tools generally work on fully developed/deployed applications which fundamentally shifts them rightmost in the SDLC.
We designed Mayhem for API from the ground up to overcome challenges faced by legacy testing tools. This can be used by other tools, like Jenkins, to determine whether the results of the testing can trigger other processes, like failing the build. This architecture allows testing to be ingrained into all aspects of the SDLC.
Generally, applications are tools for people to use in their daily work, so it's necessary for all to have a clear understanding of what a tool is for and, even more important, what it isn't for. The problem, therefore, isn't just in the SDLC, but rather in business oversight and process governance.
Continuous testing enables security teams to keep pace with development and operations teams in modern development, and to deliver deep integration and automation of security tooling. These requirements have led to increased interest in emerging techniques that prioritize automation, accuracy, and simplicity.
If we continue to rely on the same assumptions and apply simplified approaches to this complex problem, we only add the risk of adding yet another technique to the mix, forcing onto vendors another tool they must not only add, but also maintain as a part of their larger application security testing program. This is undesirable.
Fuzzing is a powerful tool for detecting vulnerabilities in software. Conducting fuzz testing throughout the SDLC (software development lifecycle) has been shown to reduce the costs of production as well as the time to market, since once set up, it can run in the background to discover vulnerabilities and requires little ongoing maintenance.
These tools base their checkers and test cases on already known information -- CWEs and/or CVEs. It is also the only DAST technology that’s able to instrument itself into the SDLC, delivering accurate results directly to the developers.
Of these defects, we can typically expect approximately 7.5k - 25k to be FPs (and that’s if your SAST tool is good). There are many organizations that adopt SAST simply to claim that some assurance/quality tools were used as part of their development process, especially if it means externally imposed compliance criteria.
A benchmarking study by the NSA Center for Assured Software found that the average SAST tool covers only 8 out of 13 weakness classes and finds only 22 percent of flaws in each weakness class. Based on these numbers, the average SAST tool is likely to find only 14 percent of the vulnerabilities in an application’s code.