DevSecOps

DigitalVarys is the Community of Developers and Authors of Technical Content about #DevOps, Cloud, #ProjectManagement, #InformationSecurity, #DataScience and #WebDevelopment.​

DevSecOps Archives covers topics on DevOps and Security of Software Development Life Cycle (SDLC) which talks about Implementation framework of DevSecOps along with DevOps with Strategies, Trends, and Technologies. Especially, DevSecOps Archives of DigitalVarys talks about Tutorials, Guides, and How To’s on DevSecOps Technologies and Trends.

How to Install and Configure Fortify Static Code Analysis Tool

How to Install and Configure Fortify Static Code Analysis Tool

Fortify is a product of Micro Focus which offers a feature called Static Code Analyzer. This will help us scanning for security violations that are specific to the Coding Rule and Guidelines. Also, fortify provides enough data from Analysis and prioritizes the violations for the developers to identify and fix quickly. In this article, we […]

How to Install and Configure Fortify Static Code Analysis Tool Read More »

Simple Introduction to HashiCorp Vault

Simple Introduction to HashiCorp Vault

Need of Vault. When you have multiple services/applications and tools stack in your application or infra architecture, the connection between the services/application should be authenticated. For which, you need either an API key or Passwords or Certificates or Signature or any form of credentials that need to be secured properly. But Where do you store

Simple Introduction to HashiCorp Vault Read More »

How to Monitor and Alert AWS Security Group Modifications in Slack.

How to Monitor and Alert AWS Security Group Modifications in Slack.

Security in the Public Cloud Platform is very important. Especially, when you have multiple users in IAM and everyone can modify the security groups, it is important to Monitor and Alert the event. When we talk about ChatOps, Slack is the first preference of most of the Corporates. In this article, we will discuss How

How to Monitor and Alert AWS Security Group Modifications in Slack. Read More »

DevSecOps – Dynamic Analysis DAST with OWASP ZAP and Jenkins.

DevSecOps – Dynamic Analysis DAST with OWASP ZAP and Jenkins.

Dynamic Application Security Testing (DAST) also called Black Box Testing is a testing practice that will test the application by executing your web application. As we know, In SAST, a Web application will be tested inside the application which doesn’t even require that the application should be running. So, when we do Dynamic Analysis, we

DevSecOps – Dynamic Analysis DAST with OWASP ZAP and Jenkins. Read More »

Jenkins Sast integration to SonarQube

How to Integrate Jenkins SAST to SonarQube – DevSecOps.

SonarQube is an excellent application that will capture, analyze, and visualize the functional bugs and Security Vulnerabilities. We discussed how to perform static Analysis with Jenkins and before that, we discussed how to implement Security testing in IDE and capture the Vulnerabilities. For both the cases, SonarQube provides an excellent solution with Jenkins to capture

How to Integrate Jenkins SAST to SonarQube – DevSecOps. Read More »

Static Analysis SAST with Jenkins Pipeline

DevSecOps – Static Analysis SAST with Jenkins Pipeline.

As part of the DevSecOps implementation in the CICD pipeline, Scanning the Source code and performing Static Analysis SAST is important. SAST is basically Whitebox testing which will be performed on source code. This will help in finding very important vulnerabilities in the source code. Specifically, vulnerabilities defined by OWASP Top 10 should be mitigated.

DevSecOps – Static Analysis SAST with Jenkins Pipeline. Read More »

Implement Security Testing In IDE

How To Implement Security Testing In IDE.

Delivering Secured Software is very important as the modern world has the risk of potential attacks in various ways. To mitigate them, we need to embed certain security testing procedures in our Software Development Lifecycle. Fortunately, With DevOps, we have a systematic process called CICD and we are going to add certain Security Testing in

How To Implement Security Testing In IDE. Read More »

Security Testing with OWASP ZAP Proxy

OWASP ZAP – Zad Attack Proxy and its Features

OWASP ZAP (Zad Attack Proxy) is an opensource Dynamic Application Security Testing (DAST) tool. This will be sitting between web application and end-user and help to identify security vulnerabilities in web application design and architecture. As the name goes, this is Open Web Application Security Project (OWASP) projects. ZAP is one of the successful proxy

OWASP ZAP – Zad Attack Proxy and its Features Read More »