Contributed By
Taylor Armerding, Software Security Expert, Synopsys Software Integrity Group
“If tools aren’t used correctly, at the right time, and in the right way, they can flag an overwhelming number of potential vulnerabilities, many of them insignificant or irrelevant to a particular project. And that can frustrate development teams to the point that they could start ignoring the warnings or even disabling the tools, undermining the security those tools are meant to enhance.”
That, according to Meera Rao, is one of the biggest challenges of embedding security into DevOps and yielding effective DevSecOps.
Rao, senior director for product management (DevOps solutions) at Synopsys, notes the reality that “at every stage in the pipeline or even in your SDLC, you have many security activities to perform, and each and every one of them gives you vulnerabilities. That can lead to defect overload.”
By now, that list of DevSecOps testing tools and other security tasks is fairly standard. At the start, security teams should conduct threat modeling and risk analysis based on what an application is expected to do and what kind of input, if any, it will handle. Obviously, a page on a website that accepts user input including personal and financial data needs more rigorous security than one that simply provides information, such as the locations of company offices.
During the coding and building phases, automated tools like static, dynamic, and interactive analysis can flag bugs and other defects that could be exploited. Fuzz testing can check how the software responds to random, malformed input. Software composition analysis (SCA) can help find open source components that may have security defects and/or licensing conflicts.
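The "defect overload" Rao describes is usually tackled by putting a triage step between the scanners and the developers, so the pipeline reports only new, relevant, de-duplicated findings and fails the build only above an agreed severity. The following Python is an added example of that step; it is not code from the article or from Synopsys, and the `Finding` type, the `triage` and `fingerprint` helpers, the path prefixes and the sample findings are all constructed for illustration.

```python
# Added example (not from the article): a triage step that sits between
# security tools and developers so a pipeline surfaces only new, relevant,
# de-duplicated findings instead of a wall of warnings.
import hashlib
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    tool: str       # which scanner reported it (SAST, DAST, SCA, ...)
    rule_id: str    # the scanner's rule or CWE identifier
    path: str       # file (or URL path for DAST) the finding points at
    line: int
    severity: str   # low / medium / high / critical
    message: str


def fingerprint(f: Finding) -> str:
    """Stable identity for a finding that ignores which tool reported it,
    so the same issue flagged by two scanners is counted once and can be
    tracked across pipeline runs (e.g. in an accepted-risk baseline)."""
    key = f"{f.rule_id}|{f.path}|{f.line}"
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def triage(findings, baseline, ignore_prefixes=("test/", "vendor/"), fail_on="high"):
    """Split raw scanner output into actionable / suppressed / duplicate
    findings and decide whether the build gate passes.

    baseline: fingerprints of findings already reviewed and accepted.
    ignore_prefixes: paths whose findings are not relevant to this project.
    fail_on: lowest severity that should fail the build."""
    seen = set()
    actionable, suppressed, duplicates = [], [], []
    for f in findings:
        fp = fingerprint(f)
        if fp in seen:                       # same issue from another tool
            duplicates.append(f)
            continue
        seen.add(fp)
        if f.path.startswith(tuple(ignore_prefixes)) or fp in baseline:
            suppressed.append(f)             # irrelevant path or accepted risk
            continue
        actionable.append(f)
    # Show developers the worst problems first.
    actionable.sort(key=lambda f: SEVERITY_RANK[f.severity], reverse=True)
    threshold = SEVERITY_RANK[fail_on]
    gate_passed = all(SEVERITY_RANK[f.severity] < threshold for f in actionable)
    return {
        "actionable": actionable,
        "suppressed": suppressed,
        "duplicates": duplicates,
        "gate_passed": gate_passed,
    }


# Constructed sample output from several tools in one pipeline run.
SAMPLE_FINDINGS = [
    Finding("sast-a", "CWE-89", "src/db.py", 42, "high", "query built by string formatting"),
    Finding("sast-b", "CWE-89", "src/db.py", 42, "high", "possible SQL injection"),
    Finding("sca", "SCA-ADVISORY", "requirements.txt", 3, "medium", "dependency has a known advisory"),
    Finding("sast-a", "CWE-79", "test/fixtures/page.py", 10, "medium", "unescaped output"),
    Finding("sast-a", "CWE-327", "src/legacy/hash.py", 7, "low", "weak hash algorithm"),
    Finding("dast", "CWE-693", "/", 0, "low", "missing security header"),
]

# Constructed baseline: the weak-hash finding was reviewed earlier and accepted.
SAMPLE_BASELINE = {fingerprint(SAMPLE_FINDINGS[4])}


if __name__ == "__main__":
    result = triage(SAMPLE_FINDINGS, SAMPLE_BASELINE)
    for f in result["actionable"]:
        print(f"{f.severity:8} {f.rule_id:12} {f.path}:{f.line}  {f.message}")
    print(f"suppressed={len(result['suppressed'])} duplicates={len(result['duplicates'])} "
          f"gate_passed={result['gate_passed']}")
```

With the sample data, six raw findings become three actionable ones: the two SAST tools' reports of the same injection sink collapse into one, the test fixture and the accepted weak-hash finding are suppressed, and the build fails only because a high-severity finding remains. Raising `fail_on` to `critical` lets the same run pass while still listing the findings.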
This story is from the February 2021 edition of HWM Singapore.