#DevSecOps
43 articles
What is DevSecOps? Definition, practices and tools for secure development
DevSecOps integrates security into every stage of the SDLC. Key practices, tools and how to implement a shift-left security culture.
Machine-readable security attestations — automating compliance in CI/CD
Static compliance reports cannot keep pace with modern development. Machine-readable security attestations enable automatic security verification on every CI/CD pipeline run.
IAST — What Is Interactive Application Security Testing?
IAST (Interactive Application Security Testing) combines the strengths of SAST and DAST by analyzing applications from the inside during runtime. Learn how it works, compare it with other AST methods, and discover best practices for integration into CI/CD pipelines.
SaaS company security — how to protect your product, customer data and reputation
SaaS companies store thousands of customers' data – a breach destroys trust. Learn product security strategies, data protection, and compliance for SaaS vendors.
What Is DRP (Disaster Recovery Plan) and How Does It Work? Key Elements
A Disaster Recovery Plan (DRP) is a comprehensive strategy for ensuring IT system continuity during major failures. An effective DRP reduces downtime-related financial losses by 75% and protects organizational reputation.
SBOM — Software Bill of Materials as the foundation of supply chain security
What is SBOM and why is it becoming a regulatory requirement? SPDX, CycloneDX formats, SBOM generation, CI/CD integration, and open source vulnerability management.
API Penetration Testing — a complete guide to API security testing
API penetration testing — OWASP API Security Top 10, REST vs GraphQL vs gRPC, tools, methodologies. Learn how to secure your APIs.
Ransomware
Learn what ransomware is and how to protect your company from this type of cyber threat. Discover strategies, tools, and best practices that can help prevent and respond to ransomware attacks.
Data Leaks and Ransomware Attacks Are the Biggest Threats to Organizations
Learn why data leaks and ransomware attacks are the biggest threats to organizations. Discover data protection strategies and best practices that can help minimize the risk of these attacks.
SAST and DAST Synergy
Learn how the synergy between SAST and DAST can enhance your software security. Discover the benefits of combining static and dynamic testing.
DevSecOps: How to Secure Your DevOps Environment? Best Practices and Tools
DevSecOps integrates security into the DevOps process from the planning stage, enhancing application protection.
Application monitoring - from performance to security
Effective application monitoring is the key to application performance and security. Find out what tools and methods will help you optimize your IT systems.
What is CSP (Content Security Policy) and How Does It Work?
Learn what CSP (Content Security Policy) is, how it works, and why it's an important element of website protection.
Cyber Trends: Ransomware
Learn about the latest cyber trends related to ransomware. Find out how these threats are evolving and what protection strategies are most effective in preventing ransomware attacks on your organization.
Security by Design — Building Security from the Start
Security by Design is an approach where security is an integral part of the system from the earliest design stages — not an add-on implemented after development is complete.
What Is OpenShift? Kubernetes, Container Security, and Enterprise Deployment
OpenShift is Red Hat's Kubernetes-based platform for container management. Learn OpenShift vs Kubernetes differences, security, and use cases.
OWASP Top 10: A Guide to the Top 10 Threats to Web Applications
For more than 20 years, the OWASP Top 10 list has been the most important guidepost for developers and security professionals around the world. This is not a theoretical document, but a ranking of the most serious and common threats based on real data. The latest edition of the list shows a clear tr
What is Secure SDLC? - Secure software lifecycle
In the traditional model, security was the brake - the team that said
DevSecOps in practice: How to build security into the application lifecycle, rather than tacking it on at the end?
In the traditional model, security was the brake - the team that said
Office 365 Backup
Learn how to effectively back up Office 365 data. Discover best practices and tools that ensure the security and availability of your cloud data.
What is Kubernetes? A complete guide to managing containers in the cloud
In the modern IT world, containers have revolutionized the way applications are built and deployed. But how do you manage hundreds or thousands of these containers at scale? The answer is Kubernetes. This guide is an in-depth introduction to the de facto standard for container orchestration. Step by
What is DevOps? A complete guide to cultural and technology transformation in IT
Are your development and operations teams working in perpetual conflict, blaming each other for mistakes and delays? It's a
What is DevOps and How to Accelerate Software Delivery with This Work Culture?
For years, developers and administrators were like two warring tribes, separated by a
Dell EMC PowerStore – Revolutionary Storage Array
Discover Dell EMC PowerStore, a revolutionary data storage array. Learn how this innovative solution increases performance and efficiency of data storage. Discover key PowerStore features and benefits for your company.
RidgeBot® in DevSecOps: How to Balance DevOps Speed with CI/CD Security?
Development teams are working under tremendous pressure to deliver new features quickly and efficiently. Incorporating time-consuming, manual security testing into this process is a huge challenge. This article shows how automated penetration testing platforms, such as RidgeBot®, are becoming an
What is SQL Injection? Definition, Operation, Threats, and Protection
Learn about SQL Injection attacks - a technique that enables cybercriminals to manipulate SQL queries to gain unauthorized access to databases. Discover how these attacks work, what threats they pose, and how to effectively protect your applications.
Retesting and Remediation Validation After Pentests: Why and How to Verify Fixes
A pentest report alone doesn't improve security - implementing fixes is what counts. Retests verify whether remediation was effective. Learn how to organize a fix validation process.
Internal Pentest Team vs Outsourcing: Which Option to Choose
You won't avoid the 'build vs buy' dilemma with penetration testing. Learn the arguments for and against an internal team and outsourcing - and discover when each model makes sense.
What is Infrastructure as Code? - A compendium of knowledge
Learn what IaC is, its benefits, and how it helps automate infrastructure management to increase IT efficiency.
Obfuscation - Code obfuscation - What is it, how does it work and how to detect it?
Learn about obfuscation - a code obfuscation technique, its uses, how it works and how to detect it for security analysis.
Cybersecurity in Software Development - Best Practices
Improve your software security by applying proven cybersecurity practices at every stage of development.
Source Code Audit - What It Is, How It Works, and Why You Should Do It
Learn how source code auditing can help secure your software against cyber threats. Overview of techniques and benefits.
Web Application Penetration Testing - What It Is and How It Works
Learn about the process and benefits of conducting web application penetration testing. Find out how to effectively identify security vulnerabilities.
IBM Instana and Enterprise Cloud Strategy
IBM Instana from nFlo: supporting enterprise cloud strategy. Optimize performance and application monitoring in the cloud.
IBM Instana and DevOps: An Integrated Approach to Monitoring
IBM Instana and DevOps from nFlo: an integrated approach to monitoring. Increase efficiency and control over your IT infrastructure.
IBM Instana: Increasing Application Operational Efficiency and Reducing Downtime
IBM Instana from nFlo: increase application operational efficiency and reduce downtime. Optimize your IT infrastructure.
Digital Transformation with HCL Workload Automation
Digital transformation with HCL Workload Automation from nFlo: automate processes and increase your company's efficiency.
How IBM Global Mirror Works: A Comprehensive Technology Review of Data Replication
Learn about IBM Global Mirror - a comprehensive overview of technology for long-distance data replication, ensuring business continuity and protection against data loss.
What Are Mobile Application Penetration Tests and How Do They Work?
Learn how mobile application penetration tests help identify and eliminate security vulnerabilities. Discover the methods and tools used in these tests.
DevOps Support with RidgeBot
Support your DevOps team with RidgeBot by automating security testing. Learn about the benefits of continuous monitoring and integration with DevOps tools.
IT Automation with Red Hat Ansible Automation Platform
Automate IT management with Red Hat Ansible Automation Platform. Learn how this solution simplifies deployment, configuration management, and operations in IT environments.
Scalability Benefits with Red Hat OpenShift
Red Hat OpenShift is the key to cloud application scalability. Learn how to increase the flexibility and performance of your IT systems with this solution.
Penetration Testing: Definition, Details – Q&A
Learn what penetration testing is and how it can increase your company's security. Get the definition, details, and answers to the most frequently asked questions about penetration testing.