Security

Articles

	Embedding Security in a DevOps World Faster DevOps processes also create new challenges. It was difficult enough to add security into a traditional waterfall software development lifecycle with monthly or quarterly releases, but now software updates are released several times a day! What can developers do to build and maintain more secure applications? Here are some ways to encourage better security practices throughout the DevOps lifecycle.	Alex Humphrey November 13, 2019
	Integrating Security and Testing Practices QA and information security use different methods to approach the same goals. When both groups work together, they can make a greater impact on the security of our products. Here's how the QA team can collaborate with infosec to implement strong security standards, prioritize what to test, and obtain quicker feedback on processes, ultimately seeing fewer production incidents related to security.	Sylvia Killinen October 21, 2019
	DevSecOps: Incorporate Security into DevOps to Reduce Software Risk DevSecOps is a growing movement to incorporate security into DevOps practices in order to ensure flaws and weaknesses are exposed early on through monitoring, assessment, and analysis, so remediation can be implemented far earlier than traditional efforts. By failing fast with security testing, organizations reduce risk of a security incident and decrease the cost of rework.	Alan Crouch December 13, 2017
	Conducting Security Testing for Web Applications As cyber attacks continue to create panic, the threat to our applications and data in the digital sphere grows stronger. Enterprises in the connected world need to realize that security testing is essential for their web applications. They need modern, all-inclusive security testing plans from the inception of their projects to ensure a secure user experience. Here's how to get started.	Ketan Sirigiri September 25, 2017

	Prioritizing Security Testing: An Interview with Matt Grasberger Video Matt Grasberger, a software consultant with Coveros, talks about how security testing is often put off in the development lifecycle until risks are so embedded that it’s a massive undertaking to fix them. Matt highlights two tools that can be used to automate security testing early in the development lifecycle and gives some resources for requirements that you should have as a baseline for your security testing.	Jennifer Bonine June 26, 2019
	Automated Security Scanning in Your Delivery Pipeline: An Interview with Matt Grasberger Video Matt Grasberger, a software consultant at Coveros Inc., discusses shifting left security scans that you can do quickly and easily and the open source tools that are available to utilize early in the application development process to ensure you are not introducing new vulnerabilities.	Jennifer Bonine August 10, 2018
	Security Testing for Test Professionals: An Interview with Jeff Payne Video Jeff Payne, CEO and founder of Coveros Inc., discusses the need for testers to incorporate security testing into development from the beginning. He also details some of the open source and commercial tools available for finding and resolving security problems.	Jennifer Bonine July 19, 2018
	Understanding the Role of QA in DevOps: An Interview with Gene Gotimer Video Gene Gotimer, senior architect at Coveros Inc., discusses understanding the role of QA in DevOps, DevOps educational tools, trusting your team, and paid and open source security tools.	Jennifer Bonine July 6, 2018

Better Software Magazine Articles

	What if Someone Steals Your Code? Bob Zeidman, an expert in software forensics, provides a great overview of how to protect your software from predators. You'll learn the difference between copyrights, trade secrets, and patents.	Bob Zeidman November 11, 2016
	Pitfalls of Developing for the IoT The Internet of Things (IoT) enables amazing software-powered devices designed to make our business and personal lives easier. Lev Lesokhin discusses four fundamental practices you'll need when developing sophisticated software for the IoT.	Lev Lesokhin July 14, 2016
	Your Professional Responsibility for Security and Performance It is Johanna Rothman's belief that security and performance are no longer nonfunctional requirements in modern-day software development. Instead, we must prepare to accommodate security and performance needs in all projects.	Johanna Rothman April 28, 2016
	A Radical View of Software Licensing and Piracy Software vendors are making extraordinary efforts to protect the installation and use of apps, but have they gone too far? Preventing software piracy can have an adverse effect on genuine users. Software licensing technology, according to Steve, needs to strike the best balance of protecting the asset while trusting the customer.	Steven Cholerton September 12, 2014

Conference Presentations

	Large-Scale DevSecOps: Bringing Security Confidence to Chaotic Development Slideshow Implementing application security (AppSec) programs on a large scale can often seem chaotic and unwieldy. Without the proper knowledge to implement robust AppSec tools, DevSecOps on a large scale can be overwhelming.	Dennis Hurst
	Continuous Application Security Testing Slideshow Because of its specialized nature, many aspects of application security testing are often assigned to testers from another team or another company, and they may be brought in to perform a point-in-time assessment prior to a release.	Josh Gibbs
	QADevSecOps: Leading a Quality-Driven DevOps Transformation Slideshow Have you wondered where QA professionals fit into a DevSecOps transformation? Stacy Kirk thinks they should champion the transformation. Regardless of where your company is on its journey to DevSecOps, quality must be at the forefront for optimal effectiveness and customer value. This means promoting feedback loops that use monitoring and reporting tools effectively, and most importantly, it means creating a culture of collaborative communication and continuous improvement. The role of the QADevSecOps practitioner must evolve from ensuring the quality of software to assessing the effectiveness of the company’s security and development processes using retrospectives as the new defect tracking system. Discover how Stacy’s experiences with innovative techniques have infused quality into every aspect of an agile transformation, from development to security to operations.	Stacy Kirk
	What Japanese Shinkansen Trains Can Teach Us about Agile Slideshow Have you ever been to Japan and noticed that their railway system is incredibly efficient? As places like Tokyo continue to expand and the cost of living rises, more and more people rely on trains that start hours away from the city to arrive on time.	Matthew Weinstock

Recommended Web Seminars

On Demand	The Real Scoop on AI and Testing
Jan 29	How to Scale Mobile and Web Test Automation in DevOps
On Demand	Developing with Quality in Mind: A Blueprint to Power Up Your QA Strategy
On Demand	Employing Microservices: 5 Ways to Tame Container Chaos
On Demand	The Future of Test Automation: Next-Generation Technologies to Use Today

See All

Featured Resources

Continuous Practices eGuide | TechWell

Leadership for Today's Agile Team eGuide | TechWell

Open Source Testing Tools eGuide | TechWell

DevSecOps eGuide | TechWell

AI and the Future of Testing eGuide | TechWell

Visit Our Other Communities

Bringing you today’s best agile ideas and thought-leaders with how-to advice on the latest agile development & methodology practices.

Where configuration management and development professionals go for answers on SCM, ALM, change management, DevOps, tools and more.

StickyMinds is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.

Join Tariq King for a Hub Takeover January 29

Tariq King is Taking Over the Hub Join us Wednesday, January 29 for our first TechWell Hub Takeover of 2020! Tariq King, founder and CEO of Selftest IO (and a frequent TechWell Events speaker), will be available for questions and conversations around testing and AI and will share info about his upcoming talks at our new EPIC Experience conference in San Diego. He’ll be ready to chat from 9am–1pm EST in the #testing channel of the Hub. Join the Hub to be a part of a vibrant and growing community.

Tweets by StickyMinds

Upcoming Events

Apr 19	EPIC Experience A Celebration of Agile Testing & Automation
May 03	STAREAST The Premier Event for Software Testing and QA Professionals
Jun 07	Agile + DevOps West The Latest in Agile and DevOps
Oct 04	STARWEST Software Testing Conference in Anaheim

Welcome