New & Notable
Secure software development News
August 07, 2019
In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasizes security as a collaborative effort by all software teams that relies on communication, automation and feedback.
October 22, 2018
A zero-day in jQuery File Upload could affect thousands of projects because the jQuery plugin vulnerability has existed for eight years and actively exploited for at least three years.
September 25, 2018
Cisco hit by yet another new hardcoded credentials flaw, the latest in a long line of such flaws since last year, this time in its video surveillance manager appliance.
April 19, 2018
Bug bounty programs may seem to offer salvation at a bargain price for securing networks and systems, but Katie Moussouris offers tips for avoiding major pitfalls.
Secure software development Get Started
Bring yourself up to speed with our introductory content
Before implementing a DevSecOps strategy, software developers, security engineers and IT ops pros need a firm grasp on their unique roles in the process. Continue Reading
In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model. Continue Reading
To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer. Continue Reading
Evaluate Secure software development Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are key to the equation. Continue Reading
Enterprises are more vulnerable than ever before to supply chain threats from third-party apps and modules. Last fall's compromised NPM package is one cautionary tale. Continue Reading
Need better security for apps? The right tools are key, but the right approach just as important. That's why you should consider the quality management system model. Continue Reading
Manage Secure software development
Learn to apply best practices and optimize your operations.
The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved. Continue Reading
It might not be the most exciting of responsibilities, but the value of enterprise patch management cannot be denied. Review these best practices to build a smooth patching process. Continue Reading
Without DevSecOps, application security can end up on the back burner during application development. Learn how DevSecOps can bake security back into the process. Continue Reading
Problem Solve Secure software development Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Man-in-the-middle attacks pose a serious threat to both CI/CD tools and the apps those tools support. Learn how these attacks typically occur -- and how to stop them -- to do DevOps securely. Continue Reading
The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data. Continue Reading
Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks. Continue Reading