Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’ve been busy this New Year (a rather warm one in San Francisco) to bring you exciting new ways to secure your DevOps journey. Read on for the details and see how you can put them to use!

Detectify user story: Smartbear offers automated software testing solutions that help development and testing teams ensure quality throughout the software development lifecycle. Martin Loewinger, Director of SaaS Operators at Smartbear, and his team use Detectify to ensure security is a part of each product CI/CD pipeline, so that they can help their end users with test automation and monitoring.

Check Point researchers recently published two vulnerabilities they’d found in Microsoft’s Azure cloud services. These flaws highlight a wave of potential attacks on cloud infrastructure and the exposure of workloads running in multi-tenant cloud environments.

Back in the early 2010s, a Forrester researcher, John Kindervag, noticed that corporations had a binary view of trust and privilege. Once new employees have completed training, they are given full access to all the tools and VPNs needed to get their job done. Once they are logged on, they are trusted completely. Kindervag noticed that “trust” is a vulnerability that can be exploited. Since then, awareness of Zero Trust implementations has grown, in particular Google’s BeyondCorp.

Microservices provide great benefits to development organizations. They enable multiple autonomous development teams to work on the same application, maintaining efficiency,speed, and utilization of modern resources such as open source, containers and programming languages. The Microservice paradigm simplifies application building,debugging, management, deployment, scalability and of course time to market.

It is likely that at some point in the span of your software engineering career, you will run into an issue that requires poring over audit logs to figure out what went wrong and who did it. This could be to troubleshoot a variety of issues ranging from an unauthorized change that a consultant or vendor made, to bad actors that have gained access to your system.

Beyond creating and deploying software, security should be the biggest focus of technological development. No matter how cool something is, if it isn’t secure, if it cannot protect the information it contains, it will ultimately fail – or be the subject of enough major lawsuits that it will be shut down or have to disappear.

While the move to microservices-based architecture is relatively new, it is already mainstream. A majority of companies are choosing it as their default architecture for new development,and you are not cool if you are not using microservices. With regards to migrating legacy apps and breaking them down to microservices, companies are showing more conservatism, and rightly so.