QSC17: Qualys Battles the Silos, Helps Protect Digital Transformation Efforts

Digital transformation initiatives, if properly implemented, must go way beyond deploying the latest shiny IT systems. Instead, they must aim to fundamentally disrupt and reinvent business processes throughout the entire organization. That was the message Qualys Chief Product Officer Sumedh Thaka...

WebBreaker - Dynamic Application Security Test Orchestration (DASTO)

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

Webinar with Rick Orloff, ex CISO of eBay

Join us at 11 am PDT on Wednesday, September 27 for a live frank conversation with Rick Orloff, CSO of Code42 and former CISO of eBay. UPDATE: The recorded webinar is available as a podcast: Rick shared his insights about the changing role of security with new realities of DevOps world, new...

Wallarm to sponsor OWASP AppSec USA

If you are a SecOps or DevOps professional you can not miss the application security event of the year: AppSec USA, September 19–22nd at Disney Coronado Spring Resort, Orlando, FL Use the code: UNLM50WLLRM to register to get $50 discount. You will get great information on the new security tools a...

Managing Security in a DevOps Environment

DevOps is a software development practice in which development and operations engineers collaborate during the entire product lifecycle. With the adoption of DevOps at mainstream levels, we now see security starting to take a bigger role in DevOps’ day-to-day responsibilities. From a security...

July 21, 2017 – Morning Cyber Coffee Headlines – “Harry Potter” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 21, 2017 - Headlines U.S. Justice Department Shuts Down Dark Web Bazaar...

July 20, 2017 – Morning Cyber Coffee Headlines – “British Open” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 20, 2017 - Headlines Carbon Black in the News: The dark web goes corporate...

(Server) Ransomware in the Cisco 2017 Midyear Cybersecurity Report: Rapid7's Readout

It's summer in the northern hemisphere and many folks are working their way through carefully crafted reading lists, rounding out each evening exploring fictional lands or investigating engrossing biographies. I'm hoping that by the end of this post, you'll be adding another item to your "must...

How to Build Virtual Python Environment

In the DevOps world, getting a consistent development environment is crucial. In this post, I'll show you how to set up a virtual Python environment and install the correct libraries to achieve a consistent development environment...

DevOps: Vagrant with AWS EC2 & Digital Ocean

The Benefits of Vagrant Plugins Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We Use Them and Vagrant with Chef-Server, we will take another step forward and look into provisioning our servers in the cloud. There are many cloud providers out there, most who provide...

Randstad Group Selects Trend Micro to Protect its Public Cloud Infrastructure

The Randstad Group is currently in the process of consolidating and centralizing its IT infrastructure across 30 IT departments, and will be providing service to more than 40 operating countries across four continents. To ensure the new infrastructure will have optimal security the company select...

Simple Vulnerability Remediation Collaboration with InsightVM

Many security groups today use ticketing systems that were originally designed for IT or developers, and are usually ill-suited to their vulnerability management needs. Even more commonly, teams simply rely on spreadsheets and unwieldy reports. On the other end of the spectrum, some security team...

Multi Purpose DevOps Security Auditing Tool: DevAudit

Multi Purpose DevOps Security Auditing Tool DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and DevOps practitioners that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing...

DevOps, Automation, Security and Compliance

Phew, the title of this post alone sounds like it could be quite a lot to deal with! So what is DevOps? DevOps is simply the blending of infrastructure operations processes and software development to enable faster changes to business applications/technology. These processes share a lot of ideolo...

Ruggedization Framework For Security Testing: Gauntlt

Gauntlt is a ruggedization framework that is enables security testing that is usable by devs, ops and security. Gauntlt provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testin...

Hackers and Developers Need to Hug it Out

The divide between developers and hackers is real. So, apparently, is the effort to bring them together and make them play nicely. “It’s not just a knowledge gap, but an empathy gap,” said I Am The Cavalry founder Josh Corman during a panel discussion at last week’s RSA Conference. “One common...

Etsy Feature Flags Keep Marketplace Online and Secure

BOSTON – Etsy is one of the Web’s biggest marketplaces. Its developers may be one of Web’s busiest teams. Proudly, the vintage and homemade goods online store, will push code to production upwards of 50 times a day. And, according to Kenneth Lee, senior product security engineer, they do so with...

DevOps Integration Key to Avoiding Pre-Ordained Security Failures

BOSTON – Downstream is where you live today as a security person. If Gene Kim has his way, you’ll be inline soon enough. Kim’s keynote today at Source Boston 2013 took listeners on a deep dive of the integration of development and IT operations and helped map out how organizations may be able to...

The Novel Practice of DevOps Stars in The Phoenix Project

After a long 2.5 years Gene Kim, Kevin Behr, George Spafford, the authors of the awesome Visible Ops series, have just launched their latest book, The Phoenix Project. I was fortunate enough to get to read some early drafts, so I am extra excited that it is finally shipping. When Gene first...

Microsoft Visual Studio Team Foundation / Azure DevOps Server Detection (Windows SMB Login)

SMB login-based detection of Microsoft Visual Studio Team Foundation / Azure DevOps Server. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...