Essential DevOps Security Principles

Chris Wysopal

This edition of Software Confidential is by Chris Wysopal, Chief Technology Officer at CA Veracode, where he oversees technology strategy and information security. Chris has testified to the U.S. Congress on government security and how vulnerabilities are discovered in software, and he is the author of “The Art of Software Security Testing”.

Automate from Day One.

Automating security ensures processes are repeatable and minimizes the human steps that can slow things down. In the DevOps context, it is essential because development processes will be highly automated. Therefore, to run security tests for new releases, security must be integrated with these automated processes. In this integrated DevSecOps system, security is not a burden on the dev process.

Integrate to “Fail Fast”.

Integrating security into the DevOps process also makes it possible to implement the agile principle of failing fast. In this context, that means catching security issues as early as possible. Ideally, then, testing should be integrated as close to the developer as possible. For instance, rather than waiting for releases, security tests could be triggered on check-in or even made a pre-check-in requirement.
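As an added illustration of a pre-check-in requirement (not code from the original article or from Veracode), the following Git pre-commit hook scans only the lines being added in the staged diff and blocks the commit when one matches a secret pattern. The patterns, function names and sample diff are assumptions made for this example.

```shell
#!/bin/sh
# Added example: a pre-commit gate. Patterns are illustrative assumptions, not a full rule set.

# One extended regex per line; grep treats newlines as alternatives.
patterns() {
cat <<'EOF'
-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----
AKIA[0-9A-Z]{16}
(password|secret|api_key)[[:space:]]*[:=][[:space:]]*["'][^"']{8,}["']
EOF
}

# Read a unified diff on stdin and print "file<TAB>text" for each added line.
# Tracking hunk state keeps added text that starts with "++ " from being
# mistaken for a "+++ b/file" header.
added_lines() {
    awk '
        /^diff --git /        { inhunk = 0; next }
        /^@@ /                { inhunk = 1; next }
        !inhunk && /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
        inhunk && /^\+/       { printf "%s\t%s\n", file, substr($0, 2) }
    '
}

# Exit status 0 = clean, 1 = block. Only file names are reported, so the
# matched secret is not copied into terminal scrollback or CI logs.
scan_diff() {
    hits=$(added_lines | grep -E -e "$(patterns)" | cut -f1 | sort -u)
    if [ -z "$hits" ]; then return 0; fi
    printf 'Commit blocked: possible secret added in:\n%s\n' "$hits" >&2
    return 1
}

# Constructed sample diff (not from a real repository) for trying the scanner.
sample_diff() {
cat <<'EOF'
diff --git a/app/settings.py b/app/settings.py
--- a/app/settings.py
+++ b/app/settings.py
@@ -3,0 +4,2 @@
+DEBUG = False
+password = "constructed-example-value"
EOF
}

# Runs only when installed as the hook; scans just what is staged.
case "${0##*/}" in
    pre-commit) git diff --cached --no-color -U0 | scan_diff || exit 1 ;;
esac
```

Saved as an executable `.git/hooks/pre-commit`, it runs before every commit; the same `scan_diff` function can be fed a diff in a CI job to repeat the check on check-in.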

Maintain Operational Visibility.

Application security cannot stop after deployment. As with other aspects of DevOps, a well-engineered security infrastructure must deliver “closed loop” feedback from production in the event of a security incident. This has a range of benefits, including enabling the team to deploy faster, catching exceptions, and detecting and protecting against attacks.

By Chris Wysopal | 25 Apr 2018
