Wednesday, November 15, 2017

Essential (and free) security tools for Docker

Docker makes it easy for developers to package up and push out application changes, and spin up run-time environments on their own. Maybe t...
Friday, September 29, 2017

Agile Application Security book

This is the first post in a while. I've been busy working on a bunch of projects. One of them is now finally complete: a book on Agile A...
Tuesday, July 19, 2016

Why you Should Attack Your Systems - Before "They" Do

You can't hack and patch your way to a secure system. You will never be able to find all of the security vulnerabilities and weaknesse...
Thursday, June 16, 2016

Dev-Sec.io Automated Hardening Framework

Automated configuration management tools like Ansible , Chef and Puppet are changing the way that organizations provision and manage the...
Thursday, June 2, 2016

DevOpsSec: Using DevOps to Secure DevOps

I finished writing an e-book for O'Reilly on DevOpsSec: Securing Software through Continuous Delivery . It explains how to wire securi...
Monday, April 18, 2016

DevOpsDays: Empathy, Scaling, Docker, Dependencies and Secrets

Last week I attended DevOpsDays 2016 in Vancouver. I was impressed to see how strong the DevOps community has grown from the time that I ...
2 comments:
Wednesday, December 23, 2015

DZone's 2015 Guide to Application Security

DZone recently published a Guide to Application Security . It provides a good overview of effective appsec tools and practices, including my...