Application Security Testing: A Successful Part Of Your DevOps Program

Three Effective Ways to Make Application Security Testing a Successful Part of Your DevOps Program

I co-authored this post about empowering application security with Constantine Grancharov, Product Manager, Application Security Solutions at IBM.

From the latest agile development tools to innovative delivery platforms such as containers, DevOps is changing how people and businesses work.

But DevOps's novel approach to software development also brings unique challenges, one of the most significant of which is application software security testing. How do you balance the need for quick software releases with the need to protect sensitive customer and company data?

Marrying DevOps and Application Security Testing

As DevOps transforms the way software is developed and delivered, it requires a fresh look at application security. IBM and Black Duck Software are working together to help you.

Recently, we hosted a webinar that outlined the unique application security challenges posed by DevOps and simple steps organizations can take to properly address them. Three of the key steps were to start with automation, customize security gates and test for vulnerabilities.

Starting With Automation

The world of DevOps is agile and fast-paced. To avoid slowing down the process, security testing methods must be automated within the DevOps environment. A great place to start is by integrating application security testing with continuous integration tools and running your testing at the exact point it’s needed. This enables your DevOps environment to hum along while protecting applications from potential vulnerabilities.

Customizing Security Gates

No two DevOps processes are alike; each application you build has unique development and security needs. Internally facing applications may require less stringent application testing than externally facing ones. In addition, you may be using containers like Docker to deploy your applications.

Know who your applications will serve and the level of data sensitivity associated with each application, and then determine how they’ll be delivered. This will enable you to design the proper application security testing gates at the right points in the DevOps process.
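The sketch below is an added example, not code from the post, the webinar, or any IBM or Black Duck product. It shows one way a CI step could derive a gate from the three inputs named above: who the application serves, how sensitive its data is, and how it is delivered. The severity scale, scan names, thresholds, and sample findings are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed severity scale and scan names; the post does not define either.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class AppProfile:
    name: str
    external: bool        # who the application serves
    sensitive_data: bool  # level of data sensitivity
    containerized: bool   # how it is delivered (e.g. a Docker image)

def gate_policy(app):
    """Return (lowest severity that blocks the build, scans the gate requires)."""
    if app.external and app.sensitive_data:
        block_at = "medium"
    elif app.external or app.sensitive_data:
        block_at = "high"
    else:
        block_at = "critical"   # internal, low sensitivity: least stringent gate
    required = {"static", "open-source"}
    if app.external:
        required.add("dynamic")
    if app.containerized:
        required.add("container-image")
    return block_at, required

def evaluate_gate(app, findings, scans_run):
    """Fail closed: a required scan that did not run fails the gate."""
    block_at, required = gate_policy(app)
    missing = sorted(required - set(scans_run))
    threshold = SEVERITY_RANK[block_at]
    # An unrecognised severity label is treated as critical, not ignored.
    blocking = [f["id"] for f in findings
                if SEVERITY_RANK.get(f["severity"].lower(), 4) >= threshold]
    return {"passed": not missing and not blocking,
            "missing_scans": missing, "blocking": blocking}

# Constructed sample data, not output from any real scanner.
FINDINGS = [
    {"id": "F-1", "severity": "medium"},
    {"id": "F-2", "severity": "high"},
    {"id": "F-3", "severity": "URGENT"},   # label outside the scale
]
INTERNAL = AppProfile("wiki", external=False, sensitive_data=False, containerized=False)
PORTAL = AppProfile("portal", external=True, sensitive_data=True, containerized=True)

if __name__ == "__main__":
    for app in (INTERNAL, PORTAL):
        print(app.name, evaluate_gate(app, FINDINGS, ["static", "open-source", "dynamic"]))
```

The same findings pass or fail depending on the profile, and a skipped required scan fails the gate even when no finding crosses the threshold.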

Read the complete post about empowering application security at IBM’s Security Intelligence site.
