4 min
DevOps
How DevOps Can Use Quality Gates for Security Checks
Your team has been working at all hours to put the final touches on code for a
new big feature release. All the specs are in, the feature works as expected,
and the code is pushed to production. A few hours later, the daily security scan
runs and the alerts start piling in. What went wrong? And what do you do now?
Typically when this happens, it means rolling back the entire deployment,
retroactively fixing the bugs and vulnerabilities in the code, and a week or two
later, re-deploying. If you’
2 min
InsightAppSec
Making the Dream Work: Teaming with Dev for Safer Production Apps
So you’ve read the reports outlining how important it is for developers and
security teams to work together to build web applications quickly and securely
[https://information.rapid7.com/sans-state-of-application-security-2017-report.html],
you’ve scoured the web and have researched the importance of building a web
application program at your organization
[https://www.rapid7.com/solutions/application-security/], perhaps even watched
some videos talking about the evolution of web applications an
3 min
InsightVM
Vulnerability Management Year in Review, Part 1: Collect
Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.
4 min
DevOps
DevOps: Vagrant with AWS EC2 & Digital Ocean
The Benefits of Vagrant Plugins
Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We
Use Them
[https://blog.logentries.com/2014/02/the-devops-tools-we-use-how-we-use-them/]
and Vagrant with Chef-Server
[https://blog.logentries.com/2014/03/devops-vagrant-with-chef-server/], we will
take another step forward and look into provisioning our servers in the cloud.
There are many cloud providers out there, most of which provide some sort of API.
Dealing with the different APIs
6 min
Ransomware
The Ransomware Chronicles: A DevOps Survival Guide
NOTE: Tom Sellers [https://www.rapid7.com/blog/author/tom-sellers/], Jon Hart
[https://www.rapid7.com/blog/author/jon-hart/], Derek Abdine and (really) the
entire Rapid7 Labs team made this post possible.
On the internet, no one may know if you're of the canine persuasion, but with a
little time and just a few resources they can easily determine whether you're
running an open “devops-ish” server or not. We're loosely defining devops-ish
as:
* MongoDB
* CouchDB
* Elasticsearch
for this post
7 min
DevOps
Honing Your Application Security Chops on DevSecOps
Integrating Application Security with Rapid Delivery
Any development shop worth its salt has been honing their chops on DevOps tools
and technologies lately, either sharpening an already practiced skill set or
brushing up on new tips, tricks, and best practices. In this blog, we'll examine
how the rise of DevOps and DevSecOps
[https://www.rapid7.com/fundamentals/devsecops/] have helped to speed
application development while simultaneously enabling teams to embed application
security earlier into