Editor’s Note: This post originally appeared on HackerOne’s blog. Migrating your digital assets to the cloud can seem overwhelming at times. But you’re not alone. AWS has done a good job of meeting you halfway to help with security. AWS calls it the Shared Responsibility Model. Both you and AWS are each responsible for the…
7 Common Security Pitfalls to Avoid When Migrating to the Cloud
Editor’s Note: This post originally appeared on HackerOne. So you want to move to the cloud. It’s okay. You’re not alone. 96 percent of decision makers in one survey have cloud initiatives underway. Enterprise IT teams will soon reach the tipping point, spending over 50 percent on cloud apps and services instead of on-premises deployments for the first…
How to Secure Your Feature-Flag-Based Application

Editor’s Note: This post originally appeared on Rollout.io. You can’t wait for next week. You’ve sold your management on the importance and usefulness of feature flags for your application. Your development team is ready to deliver its first experiments with feature flags and next week is when you’ll turn them on. Then you get a phone call.…
DevOps Security Means Moving Fast, Securely

Editor’s Note: This post originally appeared on Scalyr’s blog. Check them out if you need operational monitoring to help your DevOps go. In this world of lightning-fast development cycles, MVPs, and DevOps, it may intuitively feel like security gets left behind. You might be thinking, “Aren’t the security guys the ones who want to stop everything…
Security as Code: Why a Mental Shift is Necessary for Secure DevOps
Editor’s Note: This post originally appeared at Simple Programmer. They help make the complicated simple. Inertia is “the tendency to do nothing or remain unchanged.” It is a strong force in physics. It also often holds sway in the technology industry. By 1996, the first official definitions of Internet Protocol Version 6 (IPv6) were created. Over 20…
Quick Tips for Better C# Security
Editor’s Note: This post originally appeared on SubMain. Check it out if you want to learn more about how SubMain’s tools can help you build software right and more efficiently. Application security is a hot topic. No one wants to write code that leads to the next data breach or major headline. C# security is…
5 Reasons You Need Application Security Champions
Have you ever felt that your developers and your application security team don’t see eye-to-eye? Do your developers hold feelings of dread at the mention of “the security guys”? This is a common problem with culture in the industry. There has long been a cultural divide between security and application teams. Developers want to deliver…
Your Security Perimeter is a Living Cell, Not a Castle Wall

Editor’s Note: This post was originally posted on Cobalt’s blog. Check out the original post here. Check out their site if you are interested in a new way to pen test your application. You’ve heard the analogy before. Your enterprise is a fortress. Protect it with towers. Build stone walls to protect your data. Build…
The Developer’s Guide to Cryptography: Hash Functions and HMACs
So far, we’ve discussed the basics of encryption and symmetric encryption algorithms. Encryption is used to protect the confidentiality of data. Let’s now take a small turn and look at protecting the integrity and authenticity of data. Encryption can protect data from being read while in transit. However, this does not prevent the data from…
The Developer’s Guide to Cryptography: Why ASP.NET Core 2 Gets It Right
Last time, we discussed what AES encryption looks like in Node.js. Now, to get a flavor of what other languages and frameworks do for AES encryption, we’ll take a look at ASP.NET Core 2. I am excited with what ASP.NET Core and .NET Core in general do for C# and other Microsoft technologies. ASP.NET Core…