Firewalls, controlled by a Pipeline?

Is updating your firewall a painful, slow process? Does the communication gap between development teams and security teams cause frustration? If so, you’re not alone. In technology organizations, changes to firewalls tend to be slow and typically cause developer teams and security teams numerous headaches. However, controlling firewall and security settings with a pipeline, managed with CloudFormation, can …

Security Integration Testing (Part 3): Integrating with a Continuous Delivery pipeline

Continuous Security: Security in the Continuous Delivery Pipeline is a series of articles addressing security concerns and testing in the Continuous Delivery pipeline. This is the seventh article in the series. Introduction: The purpose of this blog series is to show how AWS Config and Lambda can be used to add Security Integration tests to a Continuous …

Security Integration Testing (Part 2): Building and deploying a testing framework on AWS

Continuous Security: Security in the Continuous Delivery Pipeline is a series of articles addressing security concerns and testing in the Continuous Delivery pipeline. This is the fifth article in the series. Introduction: The purpose of this blog series is to show how AWS Config and Lambda can be used to add Security Integration tests to a Continuous …

Security Integration Testing (Part 1): Resource Monitoring with AWS Config Rules

Continuous Security: Security in the Continuous Delivery Pipeline is a series of articles addressing security concerns and testing in the Continuous Delivery pipeline. This is the third article in the series. Introduction: In a Continuous Delivery pipeline it is imperative to enforce infrastructure security policies and ensure that any new code or infrastructure changes don’t result …

Finding Security Problems Early in the Development Process of a CloudFormation Template with “cfn-nag”

This is an older post. For newer information on cfn_nag and DevSecOps, please check out these posts: “Development Acceleration Through VS Code Remote Containers: How We Leverage VS Code Remote Containers For Rapid Development of cfn_nag”; “Custom Rule Distribution Enhancements for cfn_nag”; “Is My Container Image Secure? CI/CD Container Scanning using Trend Micro Deep Security …

Continuous Security: Security in the Continuous Delivery Pipeline

Continuous Security means addressing security concerns and testing in the Continuous Delivery pipeline, and is as much a part of continuous delivery as operations, testing, or security is a part of the DevOps culture. This article is the first in a series that discusses ways of integrating security testing/validation of both software …

Creating a Secure Deployment Pipeline in Amazon Web Services

Many organizations require a secure infrastructure. I’ve yet to meet a customer that says that security isn’t a concern. But, the decision on “how secure?” should be closely associated with a risk analysis for your organization. Since Amazon Web Services (AWS) is often referred to as a “public cloud”, people sometimes infer that “public” must …