Category: Continuous Security

Security Integration Testing (Part 3): Integrating with a Continuous Delivery pipeline

Posted on May 17, 2016 by Dave Bettinger | Leave a comment

Continuous Security: Security in the Continuous Delivery Pipeline is a series of articles addressing security concerns and testing in the Continuous Delivery pipeline. This is the seventh article in the series. Introduction The purpose of this blog series is to show how AWS Config and Lambda can be used to add Security Integration tests to a Continuous … Continue reading Security Integration Testing (Part 3): Integrating with a Continuous Delivery pipeline

Automating Penetration Testing in a CI/CD Pipeline (Part 2)

Posted on May 11, 2016 by Nick DeClario | 2 Comments

Continuous Security: Security in the Continuous Delivery Pipeline is a series of articles addressing security concerns and testing in the Continuous Delivery pipeline. This is the sixth article in the series. In the first post, we discussed what OWASP ZAP is, how it’s installed and automating that installation process with Ansible. This second article of … Continue reading Automating Penetration Testing in a CI/CD Pipeline (Part 2)

Security Integration Testing (Part 2): Building and deploying a testing framework on AWS

Posted on May 3, 2016 by Dave Bettinger | Leave a comment

Continuous Security: Security in the Continuous Delivery Pipeline is a series of articles addressing security concerns and testing in the Continuous Delivery pipeline. This is the fifth article in the series. Introduction The purpose of this blog series is to show how AWS Config and Lambda can be used to add Security Integration tests to a Continuous … Continue reading Security Integration Testing (Part 2): Building and deploying a testing framework on AWS

Automating Penetration Testing in a CI/CD Pipeline

Posted on April 28, 2016 by Nick DeClario | 2 Comments

Continuous Security: Security in the Continuous Delivery Pipeline is a series of articles addressing security concerns and testing in the Continuous Delivery pipeline. This is the first article in the series. As the internet has matured and grown the need for stronger security has exceeded that pace. Penetration testing has become a large part of … Continue reading Automating Penetration Testing in a CI/CD Pipeline

Security Integration Testing (Part 1): Resource Monitoring with AWS Config Rules

Posted on April 19, 2016 by Dave Bettinger | Leave a comment

Continuous Security: Security in the Continuous Delivery Pipeline is a series of articles addressing security concerns and testing in the Continuous Delivery pipeline. This is the third article in the series. Introduction In a Continuous Delivery pipeline it is imperative to enforce infrastructure security policies and ensure that any new code or infrastructure changes don’t result … Continue reading Security Integration Testing (Part 1): Resource Monitoring with AWS Config Rules

Finding Security Problems Early in the Development Process of a CloudFormation Template with "cfn-nag"

Posted on April 7, 2016 by Eric Kascic | 8 Comments

Continuous Security: Security in the Continuous Delivery Pipeline is a series of articles addressing security concerns and testing in the Continuous Delivery pipeline. This is the second article in the series. CloudFormation Background CloudFormation templates are a great way to provision AWS resources.  They allow an infrastructure developer to declare what resources are to be … Continue reading Finding Security Problems Early in the Development Process of a CloudFormation Template with "cfn-nag"

Continuous Security: Security in the Continuous Delivery Pipeline

Posted on April 5, 2016 by The Stelligent Team | 8 Comments

Continuous Security is the addressing of security concerns and testing in the Continuous Delivery pipeline, and is as much a part of continuous delivery as operations, testing, or security is a part of the DevOps culture. This article is the first in a series which talks about ways of integrating security testing/validation of both software … Continue reading Continuous Security: Security in the Continuous Delivery Pipeline