IaC – A Potential Source of Vulnerabilities, or an Opportunity for More Secure Infrastructure?

Last month, ICIT sponsored an online panel discussion featuring a number of application development and cybersecurity experts from across industry, the federal government, and the Department of Defense. This panel discussion focused on two new security vectors that have arisen as application development practices and technologies have evolved – infrastructure as code (IaC) and APIs.

Five Reasons Why Agencies are Choosing SAST Over WAF

Article originally posted by the GovDevSecOpsHub here.

Today’s Application Security (AppSec) measures focus on protecting web applications. These measures include methods of preventing data or code within the application from being compromised or hijacked. AppSec is an essential part of the Software Development Life Cycle (SDLC), and ensuring that applications are secured must be a top priority in today’s ever-evolving and expanding digital landscape.

Six Ways AST Keeps Digital Citizen Services Secure

Article originally posted to the GovDevSecOpsHub here.

When in-person processes became impossible during the pandemic, the extent to which public sector services relied on them became apparent. Town halls, municipal offices, schools, and colleges were forced to close their doors to the public, and the need to provide digital alternatives to citizen services so that constituents could continue to access them became clear.

The Top 2021 Trends in Public Sector IT

2020 was a transformative year for public sector IT. Accelerated by necessity, agencies rapidly scaled and secured their digital ecosystems to accommodate a newly remote workforce. Against this backdrop, significant cybersecurity hacks revealed continued vulnerabilities in the federal supply chain and state and local IT infrastructures.

Looking forward, there is much work to be done. A new administration, new regulations and continued reliance on the cloud will shape public sector IT through 2021.

Speed with a Safety Net - DLT's Secure Software Factory

Many subject matter experts will tell you that DevSecOps is primarily a cultural transformation issue as opposed to a technology problem. While a true statement, the right technologies can help expedite that transformation given a vision of what your agency wants to achieve through automation. For example, can you optimally perform your mission without adopting innovation as a factor when trying to predict the best tools to use in your DevSecOps shop?

DevSecOps Decoded

You say “DevOps”, I say “what about DevSecOps?” But neither exists in a silo. If you’re taking advantage of DevOps tools and methods, you need to integrate DevSecOps into the mix. In other words, IT security must play an integrated role in the full lifecycle of your apps.

But what is DevSecOps? For this, we turn to DLT partner, Red Hat, who has put together a user-friendly guide to DevSecOps.