Cut Time & Costs: 7 Best Practices to Follow When Choosing a Cloud Security Solution

In a SaaS world, everyone wants to move fast! Rapid development can slash time to market and put you in a strong competitive position, and of course this is the way to operate as long as you’re not sacrificing quality. But remember: There’s bad fast as well as good fast. Too often we jump into projects, or we’re pressured to jump in before we’re ready — before we have all the necessary information and a clear understanding of what that information means.

10 Automated Testing Tools That Threat Stack Uses — and Why

All software development projects, whether they’re large or small, can benefit from well-planned and well-executed testing. It’s your way to ensure that the software you’re developing performs as expected and delivers value to the customer. More important — given the nature of our current cyber landscape — well-executed testing is your way to ensure that your software doesn’t ship with errors or vulnerabilities that could compromise its integrity. In a word, good testing lets you pass on performance value to customers — while also providing them with underlying security.

Ten Application Security Terms That Every Developer Should Know

A few months ago I gave a talk about securing microservices at the Boston Cloud Native Computing Meetup. After the presentation, a young developer (a recent college grad) came up to me and said, “Nice talk — I didn’t learn any of that at school.” I asked which parts were new to him — I had covered a lot of material, some of which (like service mesh technology) is pretty new, and it didn’t surprise me that it wouldn’t all have been covered in a CS program. “Well, we weren’t really taught anything about security,” he admitted. As we got to chatting, I realized that he wasn’t exaggerating. He’d taken one network security class and some graduate level courses on cryptography, but none of the ordinary classes incorporated security as a normal part of good software development. It was another demonstration to me that for all our talk in the industry about DevSecOps and “building security in,” the reality remains that most developers are woefully under-prepared with application security skills.