New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE

Integrations: Empowering Dev, Test & Ops with Security

0 0 588


DevOps is a movement where operations and development work together throughout the entire software development lifecycle (SDLC) with the goal of producing higher quality software more efficiently. These goals cannot be realized without ensuring that the software being produced is secure. Security tools which enable high velocity and efficient detection of potential security vulnerabilities must be extensible to meet these requirements.

The old approach of hand-to-hand combat to serve an army of developers/testers/operations with very limited appsec specialists is not the most efficient way for appsec. We don’t have enough appsec specialists and there will never be enough of them to serve this outdated approach. (At least not anytime soon!)

We need to leverage integrations to make appsec available and consumable by DevOps. We can rely on automation (for repetitive tasks) to increase efficiency and accuracy. When armed with the right integrations, automation, and extensible APIs, application security can be scaled to cover all projects and applications while still being managed with few appsec specialists.  

Fortify has been a pioneer in providing integrations with development, testing, and operations tools.  Other vendors are beginning to take gradual steps (better late than never) to provide integrations capabilities to serve development, test, and operations.

Here are a few examples of how you can empower DevOps using Fortify Tools and integrations. Look for these blog posts in the coming weeks.

  1. Secure Code as Developed & Secure Builds
  2. Fix Security within Bug Bashing Process & APIs to Rule ‘em All
  3. Make Sense of SAST and DAST
  4. Protect the “Untouchables” and Secure the New Hype
About the Author
Application Security, Penetration Testing, Security
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.