Latest Blogs About "DevSecOps"

113 total posts.

5 Min Read
Parsing Simple Grammars in Scala With parboiled2

Ryan Plessner

January 25, 2017

parboiled2 is a Macro-Based PEG Parser Generator written in Scala. It has become our preferred tool for creating parsers for simple grammars. It ...

2 Min Read
Why You Can’t Wait Until a Security Person is Hired

Tim Armstrong

January 11, 2017

Organizations wait to implement security solutions for a variety of reasons. One that we often hear is that they’re looking to land that cloud ...

4 Min Read
3 Ways Businesses Can Address IoT Security Failures

Tim Armstrong

January 5, 2017

I watched a Twilight Zone marathon over the New Year’s weekend, and it got me wondering about today’s Internet of Things (IoT). Are “Things” ...

6 Min Read
Test Systems: The Soft Underbelly of System Security

Apollo Catlin

December 22, 2016

Test systems are the guts of your overall system design. Test systems embody an incredible amount of the history of how your team’s code and ...

4 Min Read
Securing User Credentials With the YubiKey 4

Pat Cable

December 20, 2016

I’m a big fan of the YubiKey 4. The YubiKey is a security device that originally outputted a 44-character “one time password” that could be ...

2 Min Read
Unit Testing With Webpack & Mocha

Vitaliy Zakharov

December 19, 2016

After moving our build infrastructure to webpack, one of the hurdles we had to overcome was finding a good way to run unit tests. Quite a few ...

4 Min Read
Vulnerabilities and Exploits: What You Need to Know

Tim Armstrong

December 12, 2016

Exploits feed on vulnerabilities. Vulnerabilities, in turn, pave the way for exploits. These closely related security concepts are often confused, ...

4 Min Read
4 Ways to Make Tech Debt Great Again

Lucas DuBois

December 6, 2016

The cursor blinks steadily as you stare at a line of code that seemingly serves no purpose. You’re trying to fix a bug that is clearly manifested ...

5 Min Read
5 Things Security Can Learn From Operations’ Transition Into DevOps

Tom McLaughlin

December 2, 2016

Over the past couple of years, a discussion has been brewing in the Security community about the future of its work. On one hand, the need for a ...

4 Min Read
Too Big to Succeed: Monolithic Madness

Lucas DuBois

November 28, 2016

We’ve all been there. You start your pretty new [insert language here] project, with a vow to do things right. You carefully discuss the project ...

4 Min Read
Ramping up on Finch: Avoiding Common Gotchas

Ryan Plessner

November 23, 2016

While we have been using Scala for a while at Threat Stack, we haven’t been overly satisfied with the HTTP servers that we have used. So a few ...

4 Min Read
How to Conduct a Blameless Security Post-Mortem

Pete Cheslock

November 11, 2016

When someone in your company clicks on a bad link, it can spell bad news. But you know what’s worse? Them never telling you. When employees are ...

5 Min Read
Vulnerability Management: Navigating the Deep Dark Pit of Version Numbers

Tim Armstrong

November 8, 2016

One of the first things any security practitioner will tell you to do is keep your software up to date. It’s the number one way to protect against ...

5 Min Read
The 5 Ingredients of a Successful SecOps Implementation

Pete Cheslock

November 3, 2016

Ask three people what SecOps is and chances are you’ll get three different descriptions: It’s a team. It’s a job title. It’s a ...

6 Min Read
C++ in the Linux kernel

Nathan Cooprider

October 28, 2016

I've seen some crazy things. I've also done some crazy things. I’m going to tell you about one of them. A developer walks into a bar. He then ...

5 Min Read
Will SecOps Finally Close the Security and Operations Gap? A Q&A with Pete Cheslock

Pete Cheslock

October 27, 2016

At Threat Stack, we’ve been a SecOps-oriented team from day one. This means our developers, operations, and security practitioners all work ...

5 Min Read
Five Lessons We Learned on Our Way to Centralized Authentication

Pat Cable

October 25, 2016

In many startups, centralized authentication is a "future us" problem. Setting up centralized auth is useful for managing your network, but requires ...

8 Min Read
Useful Scala Compiler Options, Part 3: Linting

Ryan Plessner

October 4, 2016

In my previous two posts on Scala Compiler options, we saw a number that can improve your experience developing Scala. In this post I want to focus ...

4 Min Read
How to Monitor Network Activity When Your Infrastructure Lacks an Edge

Pete Cheslock

September 29, 2016

It won’t be long before network perimeters are a thing of the past. As companies continue to adopt the cloud, either going all-in or operating in ...

4 Min Read
My Journey in Scala, Part 3: None is Better Than Undefined

Joe Baker

September 26, 2016

Here’s the situation: At Threat Stack we consume a torrent of security event data every day, and as many new customers come on board, the amount of ...

4 Min Read
How to Create a Security-Minded DevOps Organization: Three Best Practices

Pete Cheslock

September 22, 2016

You’re a week into your new job and a colleague shouts out across the room before a big deployment: “Hey John, you’ve got security covered, ...