Security Links

• An introduction to DevSecOps or rugged DevOps
  Rugged DevOps is the practice of shifting Security left. Security teams can introduce security much earlier in the development process. This is contrary to the standard approach where security practices of code analysis and vulnerability testing is placed just before the application is deployed into production.
• DevSecOps: Including Security in Software Life cycle
  Introducing security practices earlier in the software engineering will enable developers to always think of security while developing their application. This will also enable them to come up with creative solutions for enabling security in their applications.
• DevOps: A Holy Grail for Security?
  DevOps provides a method to have the concept of "Security by Design" integrated into the software engineering lifecycle from the start. It also helps keep security balanced with business objectives.
• DevOps:Performing Penetration Testing on Web Based Application to find Vulnerabilities
  Performing a Automated/Manual penetration testing in SDLC can help to find vulnerability at early stage of development and reduce the threat to the system. Its good to work in tandem with penetration tetsing team to build a robust security posture.
• DevOps: Performing a Network Penetration Testing
  Performing a Network or Infrastructure based penetration testing helps to identify the weak links inside the network components such as Servers, it also detects presence/absence of firewalls, NIDS/HIDS, vulnerable ports and services running on them. The early detection and mitigation of these vulnerabilities can help an organisation to build a robust and secure infrastructure. NMAP is an important tools to scan ports and find vulnerable services running on a server.
• Devops: Secure Coding Practice
  Enforcing a secure coding practice makes a programme/application resitant to malicious attackers or potentially malicious programmes. Implementing such practices in Devops can help to build a robust security posture right from the beginning. This link enumerates top 10 best practice which any organisation follwing a devops practice should follow.
• Devops: 5 best practices for integrating security into your DevOps
  These five best practice can help to integrate security features in SDLC within DevOps practice. It entails fast and efficient way to cultivate security and has an edge over traditional way of implementing security.
• Devops: Cloud Security in DevOps
  Cloud security is paramount in DevOps culture since most of the organisation is prefering to host off-premises services. This book provides the best way to provide security at SaaS,IaaS,PaaS services.
• Devops: Misconfiguration and Security Threat in IaaS cloud
  Various problems affecting the cloud are insecure interface APIs, shared resources, data breaches, malicious insiders, and misconfiguration issues. The potential attack vectors could be storage enumeration attack, link swap attacks, leaked access tokens, Key management and legal concerns. Deploying mitigation techniques like second factor authentication, encrypted key management, Logging, Audits can help to reduce the risk.
• Cloud Security Solution
  Few of the security solution infrastructure can be deployed in cloud environment to stop attacks like DDoS, web application attack can without reducing performance. Akamai Intelligent perform can be instrumental into threat intelligence to detect latest threats and act as a expertise to adapt to shifting and new tactics.