Managing Cybersecurity: DevSecOps
HWM Singapore|February 2021
Don’t get overwhelmed with trivial defects.

Contributed By

Taylor Armerding, Software Security Expert, Synopsys Software Integrity Group

“If tools aren’t used correctly, at the right time, and in the right way, they can flag an overwhelming number of potential vulnerabilities, many of them insignificant or irrelevant to a particular project. And that can frustrate development teams to the point that they could start ignoring the warnings or even disabling the tools, undermining the security those tools are meant to enhance.”

That, according to Meera Rao, is one of the biggest challenges of embedding security into DevOps and yielding effective DevSecOps.

Rao, senior director for product management (DevOps solutions) at Synopsys, notes the reality that “at every stage in the pipeline or even in your SDLC, you have many security activities to perform, and each and every one of them gives you vulnerabilities. That can lead to defect overload.”

By now, that list of DevSecOps testing tools and other security tasks is fairly standard. At the start, security teams should conduct threat modeling and risk analysis based on what an application is expected to do and what kind of input, if any, it will handle. Obviously, a page on a website that accepts user input including personal and financial data needs more rigorous security than one that simply provides information, such as the locations of company offices.

During the coding and building phases, automated tools like static, dynamic, and interactive analysis can flag bugs and other defects that could be exploited. Fuzz testing can check how the software responds to random, malformed input. Software composition analysis (SCA) can help find open source components that may have security defects and/or licensing conflicts.
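The defect overload described above is usually tamed with a triage step between the scanners and the developers. The following is an added illustration, not code from the article or from Synopsys: it deduplicates constructed SAST/DAST findings and applies a per-component severity threshold taken from a hypothetical threat model, so the checkout page that handles financial data keeps a low bar while an informational page only surfaces medium-or-worse findings.

```python
# Triage of scanner output by a per-component severity threshold taken from
# the threat model (constructed example): dedupe, then suppress the noise.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Hypothetical risk profiles: minimum severity worth surfacing per component.
# Checkout handles personal and financial data, so its bar is low; the
# informational office-locations page gets a higher one.
RISK_PROFILES = {"checkout": "low", "office-locations": "medium"}

# Constructed sample findings, shaped like a SAST/DAST run's output.
FINDINGS = [
    {"tool": "sast", "rule": "sql-injection", "severity": "high",
     "component": "checkout", "location": "pay.py:42"},
    {"tool": "sast", "rule": "sql-injection", "severity": "high",
     "component": "checkout", "location": "pay.py:42"},  # repeat from a rerun
    {"tool": "sast", "rule": "unused-variable", "severity": "info",
     "component": "checkout", "location": "pay.py:10"},
    {"tool": "dast", "rule": "missing-security-header", "severity": "low",
     "component": "checkout", "location": "/pay"},
    {"tool": "dast", "rule": "missing-security-header", "severity": "low",
     "component": "office-locations", "location": "/offices"},
    {"tool": "sast", "rule": "unused-variable", "severity": "info",
     "component": "office-locations", "location": "map.py:17"},
]

def dedupe(findings):
    """Drop exact repeats (same tool, rule, component and location)."""
    seen, unique = set(), []
    for f in findings:
        key = (f["tool"], f["rule"], f["component"], f["location"])
        if key not in seen:
            seen.add(key)
            unique.append(f)
    return unique

def triage(findings, profiles=RISK_PROFILES, default="medium"):
    """Split into (surfaced, suppressed); surfaced is sorted worst-first."""
    surfaced, suppressed = [], []
    for f in dedupe(findings):
        threshold = profiles.get(f["component"], default)
        if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[threshold]:
            surfaced.append(f)
        else:
            suppressed.append(f)
    surfaced.sort(key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)
    return surfaced, suppressed

def should_block(surfaced, block_at="high"):
    """Fail the pipeline stage only when a surfaced finding reaches block_at."""
    return any(SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[block_at] for f in surfaced)
```

Suppressed findings are still returned rather than discarded, so they can be logged or reviewed later without landing in the developers' queue.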

