Security

Articles

	DevSecOps: Incorporate Security into DevOps to Reduce Software Risk DevSecOps is a growing movement to incorporate security into DevOps practices in order to ensure flaws and weaknesses are exposed early on through monitoring, assessment, and analysis, so remediation can be implemented far earlier than traditional efforts. By failing fast with security testing, organizations reduce risk of a security incident and decrease the cost of rework.	Alan Crouch December 13, 2017
	Conducting Security Testing for Web Applications As cyber attacks continue to create panic, the threat to our applications and data in the digital sphere grows stronger. Enterprises in the connected world need to realize that security testing is essential for their web applications. They need modern, all-inclusive security testing plans from the inception of their projects to ensure a secure user experience. Here's how to get started.	Ketan Sirigiri September 25, 2017
	IoT Security Should Start with the UI Setup IoT security is a large and changing topic, but there is one basic starting point where device security can be improved during development and testing: the user interface. The UI should be the first line of defense, but it’s currently weak in most IoT devices. Implementing better practices during the initial UI setup will go a long way toward improving security.	Jon Hagar September 4, 2017
	What IoT and Embedded Device Testers Can Learn from the Volkswagen Emissions Scandal In 2015, it was discovered that Volkswagen had equipped millions of its cars with software to cheat on diesel emissions tests. It was a team of independent testers that uncovered the fraud. Jon Hagar tells testers what they can take away from the scandal and gives some recommendations to consider in order to improve the test industry for IoT and embedded systems.	Jon Hagar January 16, 2017

	Prioritizing Security Testing: An Interview with Matt Grasberger Video Matt Grasberger, a software consultant with Coveros, talks about how security testing is often put off in the development lifecycle until risks are so embedded that it’s a massive undertaking to fix them. Matt highlights two tools that can be used to automate security testing early in the development lifecycle and gives some resources for requirements that you should have as a baseline for your security testing.	Jennifer Bonine June 26, 2019
	Automated Security Scanning in Your Delivery Pipeline: An Interview with Matt Grasberger Video Matt Grasberger, a software consultant at Coveros Inc., discusses shifting left security scans that you can do quickly and easily and the open source tools that are available to utilize early in the application development process to ensure you are not introducing new vulnerabilities.	Jennifer Bonine August 10, 2018
	Security Testing for Test Professionals: An Interview with Jeff Payne Video Jeff Payne, CEO and founder of Coveros Inc., discusses the need for testers to incorporate security testing into development from the beginning. He also details some of the open source and commercial tools available for finding and resolving security problems.	Jennifer Bonine July 19, 2018
	Understanding the Role of QA in DevOps: An Interview with Gene Gotimer Video Gene Gotimer, senior architect at Coveros Inc., discusses understanding the role of QA in DevOps, DevOps educational tools, trusting your team, and paid and open source security tools.	Jennifer Bonine July 6, 2018

Better Software Magazine Articles

	What if Someone Steals Your Code? Bob Zeidman, an expert in software forensics, provides a great overview of how to protect your software from predators. You'll learn the difference between copyrights, trade secrets, and patents.	Bob Zeidman November 11, 2016
	Pitfalls of Developing for the IoT The Internet of Things (IoT) enables amazing software-powered devices designed to make our business and personal lives easier. Lev Lesokhin discusses four fundamental practices you'll need when developing sophisticated software for the IoT.	Lev Lesokhin July 14, 2016
	Your Professional Responsibility for Security and Performance It is Johanna Rothman's belief that security and performance are no longer nonfunctional requirements in modern-day software development. Instead, we must prepare to accommodate security and performance needs in all projects.	Johanna Rothman April 28, 2016
	A Radical View of Software Licensing and Piracy Software vendors are making extraordinary efforts to protect the installation and use of apps, but have they gone too far? Preventing software piracy can have an adverse effect on genuine users. Software licensing technology, according to Steve, needs to strike the best balance of protecting the asset while trusting the customer.	Steven Cholerton September 12, 2014

Conference Presentations

	What Japanese Shinkansen Trains Can Teach Us about Agile Slideshow Have you ever been to Japan and noticed that their railway system is incredibly efficient? As places like Tokyo continue to expand and the cost of living rises, more and more people rely on trains that start hours away from the city to arrive on time. This allows passengers to make their connections to other trains networks and metros that will take them to their final destination. In 2017, over 420 million passengers boarded Shinkansen trains that had an average delay of only 24 seconds! Not to mention that in the 55 years of operation, the Shinkansen has had no injuries due to collision accidents, only 2 derailments, and zero fatalities. Matthew Weinstock walks you through agile principles and practices that are used to keep the trains in Japan running on time, as well as being used to constantly improve their technology, reliability and safety.	Matthew Weinstock
	Security Partners or Security Police? Slideshow It’s often said that with great power comes great responsibility. As technology becomes more powerful, security becomes a great responsibility. You’ve read all the books, followed the latest updates on all the blogs and forums, or maybe you just have a gut feeling that there’s a potential for disaster. As software testers, is it our job to be the security police? If you don’t protect the public, who will? Then there is the business—who is going to protect them from themselves? You go into meetings ready to save the day only to be shot down or, even worse, ignored. What went wrong? Why were you so easily dismissed? Join Janna Loeffler and Yesenia Yser as they talk about how to be the Secret Service of software security instead of the security police. They’ll talk about some simple actions you can take to increase the security of your software without policing it.	Janna Loeffler
	Visual Regression Testing: A Critical Part of a Mobile Testing Strategy Slideshow There are many types of testing that companies need to perform in order to have confidence in their product: security testing, integration testing, system testing, performance testing, and more. Often, mobile developers focus on ensuring that main end-to-end flows of their applications work by relying on frameworks like Appium or Robotium. However, in the mobile domain, visual testing is essential because mobile devices differ drastically in capabilities, display dimensions, and even operating systems. Visual regression testing targets specific areas of visual concepts like layouts, responsive design, graphics, and CSS. Because modern mobile applications are built as hybrid and native applications, there is no way to scale this sort of testing using manual resources, so visual test automation must be a crucial piece of the testing stack.	Dmitry Vinnik
	Serverless Security: Overcome Architectural Security Challenges Slideshow Serverless architectures take the idea of microservices to the extreme. To implement secure serverless architectures, you have to understand how to compartmentalize programs at the function level. You also need to factor in security practices: Serverless architectures are susceptible to traditional attacks such as SQL injection and command injection, along with a wide variety of privilege escalation and sensitive data disclosure attacks. Developers must consider what would happen if an attacker attempted to invoke each of their functions directly. What if one of those functions were to become nonresponsive? Designing, implementing, and maintaining serverless architectures dramatically increases the complexity of security. Join Eric Sheridan as he discusses how to implement distributed, secure identity management and entitlement enforcement across 250+ functions.	Eric Sheridan

Recommended Web Seminars

On Demand	Developing with Quality in Mind: A Blueprint to Power Up Your QA Strategy
On Demand	Employing Microservices: 5 Ways to Tame Container Chaos
On Demand	The Future of Test Automation: Next-Generation Technologies to Use Today
On Demand	Move beyond Traditional Mobile App Testing with AI and DevOps
On Demand	Driving Business Results with DevOps

See All

Featured Resources

Synthetic Monitoring 101 | Apica Systems

8 Ways Synthetic Monitoring Complements Real User Monitoring | Apica

Getting Started with API Testing: A Crucial Step in Microservices and Container Development | Mindfire

Jump-Start a Mobile Testing Lab | Mobile Labs

Open Source Testing Tools eGuide | TechWell

Visit Our Other Communities

Bringing you today’s best agile ideas and thought-leaders with how-to advice on the latest agile development & methodology practices.

Where configuration management and development professionals go for answers on SCM, ALM, change management, DevOps, tools and more.

StickyMinds is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.

STARWEST Virtual Keynotes Available On-demand

It's not too late to stream all 5 keynotes, select sessions, speaker interviews and more.STARWEST Virtual is now available on-demand. Register now to start watching recorded content from the event last week.

Tweets by StickyMinds

Upcoming Events

Oct 20	STARCANADA Software Testing Conference in Toronto
Nov 03	Agile + DevOps East The Latest in Agile and DevOps
Jun 07	Agile + DevOps West The Latest in Agile and DevOps

Welcome