Posts tagged DevOps

5 min InsightAppSec

New Azure DevOps Pipelines Extension for InsightAppSec Helps Improve Web App Security

Rapid7 is excited to announce the release of a new extension to incorporate InsightAppSec within Azure DevOps Pipelines.

Read Full Post

3 min Application Security

Application Security 101: The Importance of DevSecOps in AppSec

In this blog, we will share some insightful tips on all things application security and DevSecOps.

Read Full Post

4 min Automation and Orchestration

How Security Orchestration and Automation Will Unite Infosec

After working in the security industry for 15 years, one of the consistent themes I’ve observed is how teams struggle with balancing the increasing amount of work they have to do, without an increase in resources to accomplish their goals. But there’s another, less obvious problem that I like to refer to as a different kind of SaaS: “security as a silo.” It should be no surprise that large organizations frequently struggle with silos that create friction and miscommunication—barriers that get i

Read Full Post

4 min Application Security

How DevOps Can Use Quality Gates for Security Checks

Your team has been working at all hours to put the final touches on code for a new big feature release. All the specs are in, the feature works as expected, and the code is pushed to production. A few hours later, the daily security scan runs and the alerts start piling in. What went wrong? And what do you do now? Typically when this happens, it means rolling back the entire deployment, retroactively fixing the bugs and vulnerabilities in the code, and a week or two later, re-deploying. If you’

Read Full Post

4 min Application Security

Diving Deep and Finding Vulnerabilities in Modern Web Applications

As more and more companies shift the responsibility of security earlier [https://information.rapid7.com/shifting-left-sdlc.html] in the software development lifecycle (SDLC), DevOps teams are being tasked with detecting vulnerabilities within their applications. Already scrambling to keep up with the terminology, processes, and technologies of modern-day security, DevOps teams also have to contend with the dynamic complexities of securing web apps [https://www.rapid7.com/fundamentals/web-applica

Read Full Post

4 min DevOps

How DevOps Can Use Quality Gates for Security Checks

Your team has been working at all hours to put the final touches on code for a new big feature release. All the specs are in, the feature works as expected, and the code is pushed to production. A few hours later, the daily security scan runs and the alerts start piling in. What went wrong? And what do you do now? Typically when this happens, it means rolling back the entire deployment, retroactively fixing the bugs and vulnerabilities in the code, and a week or two later, re-deploying. If you’

Read Full Post

2 min InsightAppSec

Making the Dream Work: Teaming with Dev for Safer Production Apps

So you’ve read the reports outlining how important it is for developers and security teams to work together to build web applications quickly and securely [https://information.rapid7.com/sans-state-of-application-security-2017-report.html] , you’ve scoured the web and have researched the importance of building a web application program at your organization [https://www.rapid7.com/solutions/application-security/], perhaps even watched some videos talking about the evolution of web applications an

Read Full Post

3 min InsightVM

Vulnerability Management Year in Review, Part 1: Collect

Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.

Read Full Post

2 min DevOps

Introducing InsightOps: A New Approach to IT Monitoring and Troubleshooting

Today we are announcing the general availability of a brand new solution: Rapid7 InsightOps [https://www.rapid7.com/products/insightops/]. This latest addition to the Insight platform continues our mission to transform data into answers, giving you the confidence and control to act quickly. InsightOps is Rapid7's first IT-specific solution, enabling users to centralize data from infrastructure, assets and applications, so they can monitor and troubleshoot operational issues [https://www.rapid7.

Read Full Post

4 min DevOps

DevOps: Vagrant with AWS EC2 & Digital Ocean

The Benefits of Vagrant Plugins Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We Use Them [https://blog.logentries.com/2014/02/the-devops-tools-we-use-how-we-use-them/] and Vagrant with Chef-Server [https://blog.logentries.com/2014/03/devops-vagrant-with-chef-server/], we will take another step forward and look into provisioning our servers in the cloud. There are many cloud providers out there, most who provide some sort of APIs. Dealing with the different APIs

Read Full Post

6 min Ransomware

The Ransomware Chronicles: A DevOps Survival Guide

NOTE: Tom Sellers [/author/tom-sellers/], Jon Hart [/author/jon-hart/], Derek Abdine and (really) the entire Rapid7 Labs team made this post possible. On the internet, no one may know if you're of the canine persuasion, but with a little time and just a few resources they can easily determine whether you're running an open “devops-ish” server or not. We're loosely defining devops-ish as: * MongoDB * CouchDB * Elasticsearch for this post, but we have a much broader definition and more data

Read Full Post

7 min DevOps

Honing Your Application Security Chops on DevSecOps

Integrating Application Security with Rapid Delivery Any development shop worth its salt has been honing their chops on DevOps tools and technologies lately, either sharpening an already practiced skill set or brushing up on new tips, tricks, and best practices. In this blog, we'll examine how the rise of DevOps and DevSecOps have helped to speed application development while simultaneously enabling teams to embed application security earlier into the software development lifecycle in automatic

Read Full Post

1 min Application Security

Top 3 Takeaways from the "Skills Training: How to Modernize your Application Security Software" Webcast

In a recent webcast, Dan Kuÿkendall [/author/dan-kuykendall/], Senior Director of Application Security Products at Rapid7, gave his perspective on how security professionals should respond to applications, attacks, and attackers that are changing faster than security technology. What should you expect for your application security solutions and what are some of the strategies you can use to effectively update your program? Read on for the top takeaways from the webcast “Skills Training: How to M

Read Full Post

2 min Networking

Securing DevOps: Monitoring Development Access to Production Environments

A big factor for securing DevOps environment is that engineers should not have access to the production environment. This is especially true if the production environment contains sensitive data, such as payment card data, protected health information, or personally identifiable information because compromised engineering credentials could expose sensitive data and lead to a breach. While this requirement is a security best practice and has found its way into many compliance regulations, it can

Read Full Post

6 min IT Ops

5 Ways to Make Your DevOps Team More Efficient

As your DevOps team grows, scaling efficiencies across the group is imperative to maintaining a well-oiled unit. A small team of smart engineers can function well without much effort, but as your team gets bigger, you need to make sure you invest in the right tools and practices to help keep everyone on the same page. Throw in distributed teams, across different time zones, and issues can only get exasperated. Below are a few key tips that you should consider as your development and operations

Read Full Post