DevSecOps - Beginners guide

-

 

DevSecOps is the combination of development, securities and operations. It's an approaches that imposes the security practices and processes into the entire software development lifecycle. It should be applied on planning and coding stages to testing, deployment and on going operations. After all this will work on the whole development process. 


Why DevSecOps needed?

With the rapid pace of software development and deployment organizations needed the secured platform to develope the software and then deploy. Without slowing down the process, the DevSecOps is needed to perform all the tasks altogether. That's why DevSecOps is needed.

How it works?

It works in 4 ways.

They are: 

1. Collaboration

2. Automation

3. Continuous Security

4. MOnitoring

You can relate this topic with DevOps. But the difference is the Security.

Benefits of DevSecOps:

The two main benefits of DevSecOps are speed and security. Development teams deliver better, more-secure code faster, and, therefore, cheaper.

DevSecOps Manifesto describes that ," The purpose and intent of DevSecOps is to build on the mindset that everyone is responsible for security with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the safety required." 

Learn more...

How can you adopt this techniques?

- By learning advanced coding method.

- Implementing the security testing into the CI/CD pipeline. 

- Make use of vulnerability scanning and code analysis tools to catch security flaws early on...


Actually this is related to the DevOps sector. So if you want to learn this in more advanced way, then learn DevOps first, if you can then you must need some basic knowledge in software development model and lifecycle. Learn different testing criteria such as black box testing, white box testing etc. You also should learn cloud computing such as AWS, Microsoft Azure etc. Learn coding with memory saving techniques etc.

Learn more. 

Comments

Post a Comment

Popular posts from this blog

Nest js

-
Image
The article is Written by Md Tareq Shah Alam .  Feel free to share.. Nest js is a progressive node framework. It doesn't give you a lot of structure. This is efficient when you have already a lot of sturcture in the backend. The syntax or the structure is very similar to Angular. To install nest, you will be needed node js into your system at first as it is a node framework. The installation process is here.... In the structure of the nest project, you will see that it uses typescript in the source folder.  To see the structure, first follow the documentation from the given link, install nest into your system. Now, you have nest and the project into your system. img: Nest structure In the src foleder you will get the ts files where you will do your project. You should install controller into your project by this command: $ nest g controller items  Then you will get this folder: img: Controllers To run the server, you can use - $  npm start. If you will use this comma...
Read more

Malware Analysis

-
Image
  Malware analysis is the process of studying a malware sample to determine the origin of malware, it's functionality and potential impact. This is one of the major part of the cyber security field. When you will detect malware, you must need to analyze this so that you can protect your system from this malware. You will get several malwares for analysis on the internet. I will share some sample sites for you. Remember, this can be dengerous for your system, so do analysis into virtual machine.  The sites are:  - github.com/vxunderground/MalwareSourceCode/ - Virustotal.com (accessing samples requires a VT Enterprise subscription) - Malware-traffic-analysis.net - zeltser.com/malware-sample-sources/ Techniques in Malware analysis: There are three types of malware analysis. Static analysis, Dynamic analysis, Hybrid analysis. Static Analysis: This is also known as code analysis. You can analyze this without running by this method. - Analyze binaries without actually running t...
Read more

Internet Computer (ICP) - Blockchain

-
Image
  ICP What is ICP? Internet computer or ICP is a secured and transparent blockchain based network that can be used to host data and programs. The programs and data both are being hosted on chain on the internet computer and they're often  reffered to as decentralized applications. DAPPs are created by the development smart contracts, which on the internet computer are known as canisters. It aims to create a decentralized internet where applications can run without traditional servers. The cannisters contains programs codes and state. Lets dive into deep: Purpose: To extend the functionality of the internet, enabling it to host smart contracts and decentralized applications (dApps) at scale. ICP Tokens Utility: ICP tokens are used to pay for computation and storage on the Internet Computer network. Staking and Governance: Holders can stake ICP tokens in neurons to participate in governance and earn rewards. How ICP Works It basically works on two things. Canisters and Cy...
Read more