Showing results for tags 'devsecops'.

  1. Organizations need a scalable security orchestration framework that eliminates friction in DevSecOps workflows and drives efficiency in real-time. View the full article
  2. Incidents

     It has been implicated in activity which resembles scanning remote hosts on the internet for security vulnerabilities. Activity of this nature is forbidden in the AWS Acceptable Use Policy (https://aws.amazon.com/aup/). We’ve included the original report below for your review.

     This is a notification of unauthorized uses of systems or networks. We have observed IP addresses from your network probing my servers for TCP open ports. Due to their dubious behavior, they are suspected to be compromised botnet computers. If you regularly collect IP traffic information of your network, you will see the IPs listed connected to various TCP ports of my server at the time logged, and I suspect that they also connected to TCP ports of many other IPs. If a Linux system was at the attacker’s IP, you might want to use the command “netstat -ntp” to list its active network connections. If there is still some suspicious connection, find out what PID/program/user ID they belong to as you might find something to help you solve this problem. In addition to the above, kindly notify the victims (owners of those botnet computers) as this will assist them in taking the appropriate action to clean their computers. Once this action is completed, not only will it prevent severe incidents such as data leakage and DDoS but it will also stand off botnets from taking up your network bandwidth.

     Solution

     Step 1 – Investigate the Process

     List the active TCP connections with their owning PID and program, then resolve the suspicious PID (207082 here) to its command line and to the executable it was started from:

     $ netstat -ntp
     $ ps -p 207082 -o command=
     $ ls -l /proc/207082/exe

     Step 2 – Check for Service Units or Cron Jobs

     The process might be started by a systemd service or a cron job.

     Systemd service: Check for custom systemd service files in /etc/systemd/system/ or /lib/systemd/system/ and use systemctl to list all services to see if any custom or suspicious service is running.

     Step 3 – Stop and Disable the Process

     If the process is managed by a systemd service, stop and disable it:

     $ sudo systemctl stop servicename.service
     $ sudo systemctl disable servicename.service

     If it's a cron job, remove or comment out the line in the crontab.

     Step 4 – Remove Executable and Clean Up

     After identifying the executable, consider carefully removing it if it's confirmed to be malicious or not needed:

     $ sudo rm /path/to/executable

     Be cautious, as removing system files or legitimate processes can harm your system.

     Step 5 – Further Security Measures

     • Rootkit Check: Since this process appears suspicious, it’s a good idea to run a tool like rkhunter or chkrootkit to check for rootkits.
     • Malware Scan: Use a Linux-based antivirus tool to scan your system for malware.
     • Audit Logs: Check /var/log/auth.log, /var/log/syslog, or relevant system logs for any unusual activity, especially around the times the process was started.
     • System Updates: Ensure your system and all applications are up-to-date with the latest security patches.
     • Firewall Review: Verify your iptables rules and ensure no unwanted rules are allowing traffic through.
     • Network Monitoring: Monitor outbound and inbound connections for further suspicious activities.

     CULPRIT#1

     I see the process was getting created by the daemon user and through crontab:

     file /var/tmp/bash18
     file /var/tmp/sh18
     file /var/tmp/init18
     file /var/bash18
     file /var/sh18
     file /var/init18
     file /var/lock/bash18
     file /var/lock/sh18
     file /var/lock/init18

     Further Investigation -> How was this code added to the crontab?

     I am wondering how these executables such as bash18, sh18 and init18 are set in user daemon crontab using XAMPP. Any clue?

     To search through your JavaScript (.js) and PHP (.php) codebase for patterns that might indicate code responsible for adding cron jobs, you can use the grep command in Linux.

     Basic grep Search

     This searches all PHP and JS files for the word "crontab":

     $ grep -r --include=\*.{php,js} "crontab" .

     Search for Shell Execution Functions

     Many malicious scripts use PHP's shell execution capabilities (exec, shell_exec, system, passthru, and backticks) to run system commands.

     $ grep -r --include=\*.php '\(exec\|shell_exec\|system\|passthru\|`\)' .

     This command will search for any of the mentioned functions in PHP files. Note the use of backslashes to escape certain characters and the use of \| to indicate an "OR" condition. The pattern is in single quotes so that the shell passes the backtick to grep literally instead of treating it as the start of a command substitution.

     Searching for Suspicious Base64 Encodings

     Malicious code is often encoded in Base64 to obfuscate its presence. Searching for Base64 encoded strings can sometimes uncover hidden malicious code.

     $ grep -r --include=\*.{php,js} "base64_decode" .

     The post DevSecOps: scanning remote hosts on the internet for security vulnerabilities appeared first on DevOpsSchool.com. View the full article
  3. DevSecOps requires teams to collaborate and enable the organization to deliver safer applications to customers without compromising security. View the full article
  4. A JFrog survey found that 60% of IT professionals typically spend four days or more remediating application vulnerabilities in a given month. View the full article
  5. About

     The Certified DevSecOps Engineer course is designed to equip participants with the skills and knowledge needed to integrate security practices within the DevOps process. This comprehensive training will cover essential security principles and tools, enabling engineers to build safer software in a fast-paced environment.

     Course Features

     • Interactive Learning: Engage in hands-on sessions with real-world scenarios.
     • Expert Instructors: Learn from industry professionals with extensive experience.
     • Comprehensive Materials: Receive materials that cover all aspects of DevSecOps.
     • Certification: Obtain a certification upon completion, validating your expertise in DevSecOps.

     Training Objectives

     • Understand the importance of integrating security into the DevOps culture.
     • Master the use of tools and techniques for securing applications and infrastructure.
     • Learn to automate security within the CI/CD pipeline.
     • Develop skills to assess, remediate, and prevent vulnerabilities in software development.

     Target Audience

     • DevOps Engineers looking to specialize in security
     • Security Professionals seeking to understand DevOps practices
     • IT Managers aiming to implement DevSecOps in their teams
     • Software Developers interested in security aspects of software development

     Training Methodology

     • Hands-On Labs: Practical exercises and real-world simulations.
     • Group Discussions: Collaborative learning through sharing experiences and ideas.
     • Case Studies: Analysis of real-world security incidents and practices.

     Daywise Agenda

     • Day 1: Introduction to DevSecOps; Security Principles in DevOps; Setting up a Secure DevOps Environment
     • Day 2: Tools and Technologies for DevSecOps; Automating Security in CI/CD; Vulnerability Management
     • Day 3: Infrastructure as Code (IaC) Security; Compliance and Governance; Incident Response and Monitoring
     • Day 4: Security in Application Development; DevSecOps Best Practices and Strategies; Preparing for the Certification Exam

     Trainers

     Rajesh Kumar: An experienced DevSecOps professional with over a decade of experience in integrating security into development processes.

     FAQs

     • Who should attend this course? Anyone interested in learning how to integrate security into the DevOps process.
     • What are the prerequisites for this course? A basic understanding of DevOps and software development is beneficial but not mandatory.
     • How is the certification obtained? The certification is awarded upon passing an exam at the end of the course.
     • Is this course suitable for beginners? Yes, it is designed to accommodate participants with varying levels of experience in DevOps and security.
     • How to contact us?

     The post Certified DevSecOps Engineer Course appeared first on DevOpsSchool.com. View the full article
  6. AISecOps, the application of DevSecOps principles to AI/ML and generative AI, means integrating security into models' life cycles. View the full article
  7. A recent survey found that, on average, organizations have 55.5 security vulnerabilities each day in their remediation queue, with at least one critical. View the full article
  8. Welcome to another insightful discussion on CloudTweaks. Today, we have the privilege of delving into the dynamic intersection of DevOps, Security, and Tokenization with a seasoned expert in the field, Jeremy Smillie. With over 17 years of IT experience, Jeremy acts as VP of DevSecOps for Exact Payments and is an expert in managing strict industry […] Source View the full article
  9. There are many benefits to implementing DevSecOps: minimized risk, reduced remediation costs, and faster and more secure product releases. But from a developer’s perspective, there’s a lot to be desired from the day-to-day practice. Developers often experience fragmented tool integration and are forced to take on additional responsibilities that can make the software development lifecycle (SDLC) seem more complex and overwhelming. They can also face development delays while working to understand, prioritize, and resolve different kinds of security alerts. Evaluating and improving DevSecOps to make security a painless part of the current developer workflow is imperative to secure, fast delivery.

     Below, we’ll look at five tips for improving the experience and making security tools more usable for developers. But first, what is DevSecOps?

     The “Sec” in DevSecOps stands for security, and its addition to DevOps promotes security as a core component of the SDLC. The DevSecOps approach to software development puts the responsibility of security on everyone at an organization (as opposed to just the security team) by integrating security at the start of code production—or better yet, during the planning phase before the first line of code is written. This way, organizations can catch and fix vulnerabilities in the development process rather than in production or after release.

     The result: security teams can use their expertise to set security policies, prioritize remediation focus areas, and foster the right behaviors and security teachings across the organization. Meanwhile, developers can interact with security tools, and are the first line of defense in reviewing, understanding, and remediating vulnerabilities.

     DevSecOps advantages include shipping secure software more quickly and reaping cost-saving benefits. In fact, IBM’s 2023 Cost of a Data Breach report cites a $1.68M cost savings for organizations with high DevSecOps adoption compared to those with low or no adoption.

     Check out our full guide to DevSecOps >

     5 tips for improving the DevSecOps experience

     Improving the DevSecOps experience was top-of-mind for many speakers at GitHub Universe 2023. To catch you up, we pulled together the top five tips shared across various talks and interviews at the event.

     GitHub Universe '23 is on demand. Check out our playlist of recorded sessions, and stay updated on the latest in AI, security, and the developer experience.

     1. Involve developers in security decisions

     The more developers are involved in creating a security process and making policy decisions, the smoother the collaboration will be between engineering and security teams. So, before you purchase a new tool or change a policy, invite a developer champion into the conversation and ask for their feedback. Here are some questions to get the conversation started:

     • What security practices and tools are currently in place? Understanding what’s in use will help identify areas that need improvement.
     • Do you find current security practices or tools help or hinder your workflow? How? Reducing friction in the DevSecOps pipeline can improve productivity.
     • What security tools or practices would you recommend? Why? Developers may have fresh perspectives to offer on technologies or approaches.
     • How comfortable are you integrating security into your work? This could help to identify gaps in training and support.
     • Are there any specific security measures you feel are redundant or unnecessary in your workflow? This could reveal practices that consume resources without providing substantial benefits.
     • Do you have sufficient communication and collaboration with the security team? Evaluating cross-team interactions can help to create a more collaborative culture.

     2. Adapt security features to the developer environment

     It’s important to acknowledge that many security tools are built for security professionals, and can create friction when bolted onto a developer’s workflow. When trying to integrate a security tool into the SDLC, it can be more effective to extract the desired data from the security tool and natively integrate it into the developer’s workflow—or, even better, use a security tool where the data is already directly embedded into the developer’s flow. Doing so reduces context switching and ultimately helps developers to detect and remediate vulnerabilities earlier.

     In 2019, we acquired Dependabot and Semmle, which developed CodeQL. While Dependabot was designed for developers, CodeQL was designed for security experts, which we knew would be a barrier to entry for developers. So, we went to work optimizing CodeQL for developers, incorporating its functionalities directly into their workflow.

     Today, developers don’t have to install or set up these tools separately. They can enable Dependabot alerts from repository settings. Once enabled, alerts go out if an outdated or vulnerable dependency needs to be updated, along with critical details about the vulnerabilities—all in a pull request. Developers can also enable code scanning through CodeQL from repository settings. Doing so will notify them about new and current static analysis alerts in their code.

     Niroshan Rajadurai, senior director of GTM strategy for AI and DevSecOps, and I discuss the importance of designing security tools for developers in the age of shifting left:

     https://github.blog/wp-content/uploads/2024/01/GH_Blog_NickLiffen_NiroshanRajadurai_Excerpt_1920x1080_Caps_L3rds.mp4

     Another way to reduce context switching and cognitive load is implementing AI tools, like GitHub Copilot. We’ll talk more about AI security capabilities below, but let’s first focus on how they can create a smoother DevSecOps experience within the IDE.

     When developers receive a security alert, they can use a tool like GitHub Copilot Chat directly in their IDE instead of having to navigate to another website to research what the alert is, and how to fix it. Beyond understanding the theory behind the alert, developers can prompt Copilot Chat to create examples of how to fix that vulnerability tailored to the code in their IDE. As a result, they get a practical, hands-on learning experience that shows how the vulnerability manifests in real code.

     Joseph Katsioloudes, a developer advocate for GitHub Security Lab, shares how AI can reduce cognitive load for a developer who’s been notified about a secret injection:

     3. Maintain a developer’s trust in a security tool with an effective alert system

     Bringing security into the development process ensures that remediating alerts becomes native to the developer’s workflow. However, developers still need to know what alerts to remediate and by when. Simply asking developers to remediate all alerts is untenable and unrealistic.

     When developers are shown a long PDF of 500+ alerts that they’re assigned to review and fix (a pain point I’ve written about before), it’s probable that many of the alerts are false positives and only a portion are worth addressing. Why does this matter? For one, the developer has lost valuable time reviewing all of these alerts. Second, as the tool continues to produce these laundry lists, the developer will lose trust in the tool. That could result in the developer skimming past critical alerts because of low confidence in the tool’s data.

     A security tool that’s effectively integrated into the SDLC has an alert system that surfaces high-priority alerts directly to the developer. For instance, alert settings based on custom and automated triage rules ensure engineering teams address the most urgent security alerts first. Being able to filter and search code scanning alerts helps developers to sift through a large set of alerts to focus on a particular type. And providing the ability to dismiss an alert—either by fixing or closing it—will reduce noise by stopping the tool from repeatedly generating the same alert on the same code.

     Combined with processes to address a percentage of critical and high-risk vulnerabilities over a period of time, an effective security alert system helps developers prioritize high-risk alerts and helps to clean an organization’s security debt, that is, the vulnerabilities that accumulate over time and therefore become harder and more costly to fix.

     John Swanson, director of security strategy at GitHub, shares how new technology is creating developer-first security processes that enable developers to fix vulnerabilities earlier in the SDLC:

     https://github.blog/wp-content/uploads/2024/01/GH_Blog_JohnSwanson_Excerpt_1920x1080_Caps_L3rds.mp4

     4. Use AI and automation to help developers find and fix vulnerabilities

     Limited resources, rapid threat evolution, noisy false positive alerts, and the increasing complexity of systems—along with the continued use of legacy systems—can make it challenging to stay on top of the latest and most urgent vulnerabilities. But here’s some good news: AI and automation can help reduce false positives, enable developers to conduct consistent security checks, and scale security practices all at once.

     For instance, a feature like code scanning autofix streamlines remediation into the developer workflow by providing, alongside a vulnerability alert, an AI-generated code fix for CodeQL JavaScript and TypeScript in a pull request. Additionally, secret scanning alerts developers if any secrets have been detected in code. This capability can be coupled with AI to detect generic or unstructured secrets and auto-generate custom patterns, which will detect token types unique to an organization.

     Additionally, AI has the potential to enhance the modeling of an extensive range of open source frameworks and libraries. Security teams traditionally model thousands of packages and APIs by hand. Considering the sheer number and diversity of packages, along with frequent library updates, deprecations, or replacements, it’s a daunting task to keep abreast of these changes and scale this modeling capability efficiently. That’s where AI comes in. As the proportion of these frameworks that are accurately modeled increases, the likelihood of diminishing false negatives also rises due to a better understanding of data flow within these systems.

     By turbocharging modeling efforts with AI, security experts can detect more vulnerabilities. In fact, GitHub’s CodeQL team used AI modeling to discover a new security vulnerability. Although this technology is still in the experimental phase at GitHub, we offered a glimpse into its potential during GitHub Universe 2023.

     Rajadurai and I show how AI can address pressing security challenges, like modeling unknown packages, which could ultimately reduce the number of false positives:

     Other automation capabilities include:

     • Branch protection rules that trigger code reviews when changes are made to important branches.
     • Status checks that require code to pass all security checks before it’s merged.
     • Code scans in CI/CD pipelines with GitHub Actions.

     John Ruiz, security operations engineer at GitHub, emphasizes the importance of improving, then automating, basic security processes so developers can focus on what they do best, which is building great software:

     https://github.blog/wp-content/uploads/2024/01/GH_Blog_JohnRuiz_Excerpt_1920x1080_Caps_L3rds.mp4

     5. Create clear expectations around secure coding practices, and communicate them through champions

     A big part of improving the DevSecOps experience is not introducing more tooling, but getting clear on the process and expectations of how developers should use the tools they already have. Clear communication about policies ensures an organized and consistent approach to implementing security throughout the SDLC. Organizations should work with vendors to create guides for how to use a new tool or product, then select security champions to echo these expectations across engineering teams.

     Some principles that guide GitHub’s Product Security Engineering team when evaluating tools and designing a rollout plan include:

     • Weighing the security benefits of a new process against the impact on engineering teams.
     • How we can roll out a new process or tool incrementally and gather feedback.
     • Getting clear on expectations for engineers and prioritizing clear communication of those expectations.

     Clear expectations for secure coding practices help to eliminate ambiguity and increase security consciousness among developers. Selecting champions who can clearly communicate those expectations can help to model desired behavior and drive a DevSecOps culture across the organization. As a result, secure coding standards are more likely to be understood and consistently implemented by developers, which enables organizations to quickly deliver more secure software.

     Continuously improving DevSecOps

     As developers embrace more security responsibility under the DevSecOps and shift-left models, evaluating and improving their user experience needs to be a priority. Organizations that invest in understanding a developer’s DevSecOps pain points and iterating solutions to address them will see improved collaboration between engineering and security teams and faster delivery of more secure code.

     More DevSecOps resources

     • Learn from security leaders about creating a safe but flexible developer experience, innovating faster by automating governance, securing the software supply chain with proven practices, and more. Check out our comprehensive guide to DevSecOps.
     • Security training can be gamified to increase retention. A free interactive training resource, like Secure Code Game, teaches developers how to spot and fix vulnerable patterns in real-world code, build security into workflows, and understand security alerts generated against code.
     • Read more about why making security tools usable for IT professionals is critical to securing the software supply chain.

     The post 5 ways to make your DevSecOps strategy developer-friendly appeared first on The GitHub Blog. View the full article
  10. Despite years of discussing DevSecOps, achieving security and development collaboration remains an uphill battle in most organizations. This article explores why real-world DevSecOps adoption lags behind expectations, common barriers faced, and how the Stream Security platform bridges visibility and policy gaps to foster joint ownership between siloed teams, finally working from a "single source of truth." The Slow March of DevSecOps Evolution While the concept of DevSecOps has been discussed for years as a best practice for integrating security into development lifecycles, actual adoption has been gradual at best. As Or Shoshani, CEO of cloud security provider Stream Security, explains, "In most of the organizations that we have been working with and exposed to, the SecOps and DevOps are still being separated into two different groups." View the full article
  11. At KubeCon NA 2023, Alan Shimel talks with David DeSanto from GitLab about the potential for generative AI in DevSecOps. View the full article
  12. Here are six distinct technology trends that are poised to be particularly influential for DevOps in the new year. View the full article
  13. This is an article from DZone's 2023 Enterprise Security Trend Report. For more: Read the Report DevSecOps — a fusion of development, security, and operations — emerged as a response to the challenges of traditional software development methodologies, particularly the siloed nature of development and security teams. This separation often led to security vulnerabilities being discovered late in the development cycle, resulting in costly delays and rework. DevSecOps aims to break down these silos by integrating security practices into the entire software development lifecycle (SDLC), from planning and coding to deployment and monitoring. View the full article
  14. Security is critical in all phases of software development, including conception, creation, and release. DevSecOps is a practice that has grown in popularity as a means of assuring the security of a web application or software product. According to the AWS homepage, "DevSecOps is the practice of integrating security testing into every stage of the software development process. It consists of tools and methods that promote collaboration among developers, security experts, and operational teams in order to create software that is both efficient and secure. DevSecOps brings a cultural shift that makes security a shared responsibility for all software developers." View the full article
  15. In this article, we will delve into the crucial concept of an internal DevSecOps platform (IDSP) and why businesses need it. The traditional approach of treating security as an afterthought or as a separate stage in the software development lifecycle is no longer defensible in an age where data breaches, cyberattacks, and compliance concerns loom large. An IDSP is a bridge that brings together development, security, and operations where security is not just an end goal but an ongoing, integral part of the entire software development journey. View the full article
  16. Backslash announced general availability of an ASPM platform that identifies and prioritizes vulnerabilities based on ease of exploitation. View the full article
  17. A Denali update to Digital.ai's DevSecOps platform promises to simplify integration of custom AI models with those developed by the company. View the full article
  18. Optimizing the software development cycle is becoming increasingly crucial as the world relies more on digital solutions. Rapidly digitizing industries like manufacturing need reliable, feature-rich, and secure platforms, but conventional dev practices can’t always meet these needs. DevSecOps could be the answer. DevSecOps combines development, operations, and security workflows instead of having these teams work one after another in silos. Testing, collaboration, and security tweaks are constants throughout the process instead of the last steps. As a result, this workflow provides the agility and safety manufacturing operations need. View the full article
  19. Discover the DevSecOps best practices to implement in your organization and ensure secure and efficient software development. View the full article
  20. About DevSecCon London is a leading event in the world of DevSecOps. Experts and enthusiasts gather to explore the latest trends and innovations. Sessions include risk-driven security and the importance of security within DevOps. Join the community for an engaging and enlightening experience. Details https://10times.com/devsecops-conference
  21. Can you recommend me the best books (the ones you absolutely must have, both technical and non-technical) on the subject of DevOps and DevSecOps? Many thanks
  22. There's an integral link between platform engineering and DevSecOps and the broader infrastructure management landscape. View the full article
  23. A survey of 200 DevOps and IT/information security professionals published this week by Mezmo, a provider of an observability platform, conducted in collaboration with the market research firm Enterprise Strategy Group (ESG), finds only 22% report their organization has a formal DevSecOps strategy to integrate security into their software development lifecycle (SDLC) processes. Among those […] View the full article
  24. Whether you made it to San Francisco, California last month for RSA Conference or not, you don’t want to miss Tuesday’s DevOps Connect: DevSecOps Virtual Summit. On Tuesday, July 12, 2022, we are presenting a virtual broadcast of the sessions from our recent DevOps Connect: DevSecOps event at RSA Conference in June 2022. All of […] View the full article
  25. Analyzing the DevOps and DevSecOps software marketplace demonstrates the high demand for tools and platforms that reduce false positives. As businesses and organizations adopt a rigorous, disciplined software development life cycle and ascribe to strict compliance frameworks, they quickly realize that automated tools can generate a substantial amount of noise, in the form of false […] The post Turning Off DevSecOps Noise for Functional Fidelity appeared first on DevOps.com. View the full article