DevSecOps Best Practices for Secured & Quick Delivery!

DevSecOps is the integration of security into the DevOps lifecycle and its practices.

By 2023, more than 70% of enterprise DevSecOps initiatives will incorporate automated security vulnerability and configuration scanning for open-source components and commercial packages, which is a significant increase from fewer than 30% in 2019, says Gartner.

This statement emphasizes a few critical security DevOps practices for ensuring secure and bug-free product delivery. Let’s take a closer look at some of the relevant approaches for embedding security checks in the DevOps lifecycle.

DevSecOps helps enterprises around the world to embrace the latest DevSecOps best practices for secure and expedited product delivery.

- Cost reduction: Detecting and fixing security issues early in the development phases reduces the costs involved.
- Speed of delivery: The speed of product delivery increases as security bottlenecks are minimised or eliminated.

Discussed here are the latest DevSecOps practices for ensuring the compliant and secured release of applications.

Event Monitoring Using AWS CloudTrail

Introduction

If you are using cloud-based services, it is paramount to track the events that have happened, isn’t it?

Monitoring events in the cloud is important.

If you are using AWS, let’s assume you find that one autoscaling group in your AWS account has been deleted. What will be your response?

How will you know who did it?

Postgres – CIS Benchmark

We have seen many security incidents. Any breach in security causes concern among enterprises. To be honest, it does not only concern them; it also gives rise to nightmares, distrust and scepticism within the organisation. The root cause of this distrust is improper implementation and configuration.

Opstree Security has started a new initiative where we rigorously analyse and implement the CIS Benchmark of every tool being used today.

In this CIS series, we will discuss the CIS Benchmarks of PostgreSQL.

PostgreSQL

For those who are new to PostgreSQL, let us give you a quick summary of it.

DevSecOps Diary | HIPAA Compliance

HIPAA stands for Health Insurance Portability and Accountability Act. This 1996 act is a United States federal statute. It is a series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

But what does this act have to do with DevOps? Is it related to the coronavirus?

No, not at all! Let me explain to you how I landed here.

Recap Amrita InCTF 2019 | Part 2

Amrita InCTF 10th Edition is an offline CTF (Capture the Flag) event hosted by Amrita University. In our previous blog, we discussed the talks from the first day. In this one, we’ll shed some light on the talks from the second day.
