Security

Articles

	DevSecOps: Incorporate Security into DevOps to Reduce Software Risk DevSecOps is a growing movement to incorporate security into DevOps practices in order to ensure flaws and weaknesses are exposed early on through monitoring, assessment, and analysis, so remediation can be implemented far earlier than traditional efforts. By failing fast with security testing, organizations reduce risk of a security incident and decrease the cost of rework.	Alan Crouch December 13, 2017
	Conducting Security Testing for Web Applications As cyber attacks continue to create panic, the threat to our applications and data in the digital sphere grows stronger. Enterprises in the connected world need to realize that security testing is essential for their web applications. They need modern, all-inclusive security testing plans from the inception of their projects to ensure a secure user experience. Here's how to get started.	Ketan Sirigiri September 25, 2017
	IoT Security Should Start with the UI Setup IoT security is a large and changing topic, but there is one basic starting point where device security can be improved during development and testing: the user interface. The UI should be the first line of defense, but it’s currently weak in most IoT devices. Implementing better practices during the initial UI setup will go a long way toward improving security.	Jon Hagar September 4, 2017
	What IoT and Embedded Device Testers Can Learn from the Volkswagen Emissions Scandal In 2015, it was discovered that Volkswagen had equipped millions of its cars with software to cheat on diesel emissions tests. It was a team of independent testers that uncovered the fraud. Jon Hagar tells testers what they can take away from the scandal and gives some recommendations to consider in order to improve the test industry for IoT and embedded systems.	Jon Hagar January 16, 2017

	Automated Security Scanning in Your Delivery Pipeline: An Interview with Matt Grasberger Video Matt Grasberger, a software consultant at Coveros Inc., discusses shifting left security scans that you can do quickly and easily and the open source tools that are available to utilize early in the application development process to ensure you are not introducing new vulnerabilities.	Jennifer Bonine August 10, 2018
	Security Testing for Test Professionals: An Interview with Jeff Payne Video Jeff Payne, CEO and founder of Coveros Inc., discusses the need for testers to incorporate security testing into development from the beginning. He also details some of the open source and commercial tools available for finding and resolving security problems.	Jennifer Bonine July 19, 2018
	Understanding the Role of QA in DevOps: An Interview with Gene Gotimer Video Gene Gotimer, senior architect at Coveros Inc., discusses understanding the role of QA in DevOps, DevOps educational tools, trusting your team, and paid and open source security tools.	Jennifer Bonine July 6, 2018
	Giving Control Back to Software Developers: An Interview with Mike Faulise Video In this interview, Michael Faulise, the founder and managing partner at tap\|QA, explains how the move toward DevOps and away from release management is giving control back to developers, then details why major companies often need partners to leverage CI, CD, and other modern techniques.	Jennifer Bonine May 18, 2018

Better Software Magazine Articles

	What if Someone Steals Your Code? Bob Zeidman, an expert in software forensics, provides a great overview of how to protect your software from predators. You'll learn the difference between copyrights, trade secrets, and patents.	Bob Zeidman November 11, 2016
	Pitfalls of Developing for the IoT The Internet of Things (IoT) enables amazing software-powered devices designed to make our business and personal lives easier. Lev Lesokhin discusses four fundamental practices you'll need when developing sophisticated software for the IoT.	Lev Lesokhin July 14, 2016
	Your Professional Responsibility for Security and Performance It is Johanna Rothman's belief that security and performance are no longer nonfunctional requirements in modern-day software development. Instead, we must prepare to accommodate security and performance needs in all projects.	Johanna Rothman April 28, 2016
	A Radical View of Software Licensing and Piracy Software vendors are making extraordinary efforts to protect the installation and use of apps, but have they gone too far? Preventing software piracy can have an adverse effect on genuine users. Software licensing technology, according to Steve, needs to strike the best balance of protecting the asset while trusting the customer.	Steven Cholerton September 12, 2014

Conference Presentations

	Combatting Threats to Payment Processing in the Era of Connected Ecosystems Slideshow In an increasingly connected world, protection from security vulnerabilities and threats is essential. Yet providing that protection can be complex to understand, especially with changes in digital technology, consumer demands, and how social media influences consumer shopping and payment...	Elizabeth Koumpan
	A Definition of Done for DevSecOps Slideshow DevOps needs to consider many different aspects of software quality to deliver reliable software continuously. The term DevSecOps was developed to highlight that security is a key component of quality and cannot be ignored during continuous delivery. Join Gene Gotimer as he discusses how to determine a definition of done that includes security for DevOps pipelines. He'll discuss how continuous integration can invoke static analysis tools to test for security errors and check for software vulnerabilities. You'll learn how automated deployments and virtualization make dynamic environments available for testing in a production-like setting, and explore approaches to leverage existing regression tests to test for security as a side effect. Gene will reveal how a DevOps pipeline can be designed with security in mind.	Gene Gotimer
	Automated Security Scanning for Your Delivery Pipeline Slideshow Agile development and DevOps depend on an automated pipeline to build, test, and deploy code quickly. Security is all too often viewed as a manual task that is too difficult to automate and something to be left for later—not a good decision! Matt Grasberger says that, by leveraging automated security scans with open source scanners, you can reduce the risk of security vulnerabilities, get the most out of your pipeline, and increase software quality. Matt thoroughly explains and demonstrates several ways to implement automated security scans. Discover how to quickly test endpoints against SQL injection with sqlmap, an open source penetration test tool. Explore how you can identify common vulnerabilities with OWASP ZAP, an open source web application scanner with scripting capabilities. See how you can apply these free or low-cost tools to introduce baseline security scanning into your DevOps pipeline.	Matthew Grasberger
	The T-Shaped Scrum Team: Get in Shape for Your Future Slideshow Today, agile teams are being asked to do more than ever before. The notion of a T-shaped person, created by Tim Brown (CEO of IDEO) in the 1990s, describes a new breed of worker—one who goes beyond the standard, assigned role. Mary Thorn believes that the roles of team members can stretch...	Mary Thorn

Recommended Web Seminars

Mar 14	Agile Transformation Best Practices
On Demand	Reality Check: The Role of Manual Testing in DevOps
On Demand	Continuous Testing: Striking a Balance between Quality and Speed
On Demand	Maximize Your Test Coverage throughout the DevOps Pipeline
On Demand	Broadcasting the Strategic Business Value of QA

See All

Featured Resources

Synthetic Monitoring 101 | Apica Systems

Putting the Ops into DevOps | IBM

90 Days to Better QA | Rainforest

8 Ways Synthetic Monitoring Complements Real User Monitoring | Apica

5 Ways to Time Travel Test | Vornex

Visit Our Other Communities

Bringing you today’s best agile ideas and thought-leaders with how-to advice on the latest agile development & methodology practices.

Where configuration management and development professionals go for answers on SCM, ALM, change management, DevOps, tools and more.

StickyMinds is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.

Michael Bolton Is Taking Over The Hub

TechWell Hub Takeover

The TechWellHub Slack Takeovers offer opportunities to ask experts anything in the Hub’s Slack workspace. Michael Bolton is our fourth expert to take over—he will be ready to chat with TechWell Hub members all day Thursday, February 28, in the #testing channel.

Michael Bolton is a well-known international software testing speaker, and co-author of Rapid Software Testing (with senior author James Bach). Tag questions with @michael.a.bolton to chat with him! Join us at hub.techwell.com. See you there!

Tweets by StickyMinds

Upcoming Events

Apr 28	STAREAST The Premier Event for Software Testing and QA Professionals
Jun 02	Agile + DevOps West The Latest in Agile and DevOps
Jun 23	Agile Testing Days USA America's Greatest Agile Testing Festival!
Sep 29	STARWEST Software Testing Conference in Anaheim

Welcome