mgm sp @ Heise DevSec
With the topic “How practical is DevSecOps really? – A field report” our colleague Maximiliane Zirm is present at this year’s Heise devSec.
DevOps describes the principle of bringing together two teams that actually work separately within the framework of agile software development. The aim is to improve quality and, above all, speed up delivery. Security is often left out of the equation. This is taken up in the DevSecOps concept and expanded by the security team. But does this also work in practice?
In our (German) presentation we share our many years of experience from a large, highly agile project. We show our successes, but also our mistakes in the area of DevSecOps. These lessons learned help those responsible to recognize problems early on and to prevent them with the help of best practices.
Further details and tickets can be found on the official conference website (German).
#1 – New Can I Trust Test Case – Browser returns secret out of pre-cached response in a CORS-Request
Update: Our WordPress Author Security Plugin is now available in the WordPress Plugin Store.
How can you actively prevent usernames from being enumerated on WordPress author pages?
In our Big Application Security Penetration Test FAQ for clients we answer everything you should know before, during and after the commissioning of an Application Security Penetration Test.
In focus today: Questions #18 and #19 – How are vulnerabilities found evaluated? And what is the CVSS?
CSRF Countermeasures #2: Another way to protect against CSRF – stateless – is the Double Submit Cookie method.