security | TechWell

security

Stacy Kirk DevOps Transformations for QA Teams: A Slack Takeover with Stacy Kirk

Thought leaders from the software community are taking over the TechWell Hub to answer questions and engage in conversations. QA architect an agile coach Stacy Kirk, founder of QualityWorks Consulting Group LLC and nodeqa.io, hosted this Slack takeover and discussed improving teams by implementing DevOps practices.

Kelly McGee's picture
Kelly McGee
Signposts saying "Myth" and "Fact" Debunking 4 Myths of DevSecOps Adoption

DevSecOps means more secure applications through greater collaboration. However, many organizations hold preconceived notions and misconceptions about what DevSecOps is and why their organizations will face challenges in adopting it. Here are four common myths about DevSecOps transformation, along with the truth.

Alan Crouch's picture
Alan Crouch
Tester holding black Android smartphone Detecting and Preventing Android Security Risks

Even though the Android app development process involves thorough verification, there has been no preventing new malware from being developed. Here are some of the most common potential security risks Android users should watch out for, as well as some measures to take to protect your smartphone, data, and privacy.

Harshal Shah's picture
Harshal Shah
Larry Maccherone Building Security into DevOps: A Slack Takeover with Larry Maccherone

Thought leaders from the software community are taking over the TechWell Hub to answer questions and engage in conversations. Larry Maccherone, senior director at Comcast, hosted this Slack takeover and discussed what DevSecOps means, how to get started with security, and the changing role of security specialists.

Beth Romanik's picture
Beth Romanik
Keys on a keyring How to Get Security Groups to Join Your DevSecOps Journey

DevSecOps shifts security practices left and assures earlier that your application isn't vulnerable to breaches. But convincing a security group to get on board with your DevSecOps journey may not be an easy task. These four points can help you prove to your security group that DevSecOps is in everyone’s best interest.

Alan Crouch's picture
Alan Crouch
Closeup photo of laptop computer lit up at night The Value of Security Testing in QA

For many organizations, traditional testing groups are separated from the IT security group. But having traditional testers perform some security testing efforts is a great way of achieving a balanced approach to shifting left while being mindful of staffing and budgetary challenges. It also has some great advantages.

Alan Crouch's picture
Alan Crouch
Combination padlock for security Continuous Security in Agile Development

"Continuous" gets mentioned a lot in agile and DevOps, but one area that often doesn’t get enough attention is how to continuously build, test, and deliver secure applications. Just like for quality, you can’t test security in, so you need to have a plan for how to build it in. Here are some tips on how to do that.

Jeffery Payne's picture
Jeffery Payne
Espresso being poured into a cup of water and mixing Integrating Threat Modeling into Agile Development

Threat modeling helps you determine where to focus your security testing efforts when building your app. But people often wonder how it can fit into their existing agile software development process. Here are three things you can do to integrate threat modeling into your agile workflow, either early on or mid-project.

Alan Crouch's picture
Alan Crouch