What to Look for in a Security Scanning Solution

Pointing out problems is not necessarily a bad thing. But simply pointing out problems without offering solutions provides little value. This is true in many facets of life, but it also applies within the context of software security scanning. security…

Six Ways AST Keeps Digital Citizen Services Secure

When in-person processes became impossible during the pandemic, the extent to which public sector services relied on them became apparent. Town halls, municipal offices, schools, and colleges were forced to close their doors to the public, and the need to…

PODCAST: AST, DevSecOps and Developer Training – Three Essential AppSec Tools

Massive cyberattacks and breaches that originated in applications, including the recent SolarWinds breach that impacted as many as ten government agencies, and the more recent Kaseya breach which may have impacted hundreds of companies, have rightfully raised questions about application…

Five Factors to Look for in an Application Security Solution

This article was originally published on the Checkmarx blog. To read the original in its entirety, click HERE. The process of writing code (and the code itself) has changed dramatically: functionality and end-goals for code execution are lightyears ahead of…

Four Best Practices for Secure App Development in AWS

This article was originally featured on the Checkmarx blog. Click HERE to read the original in its entirety. The advantages of cloud-native applications in an AWS deployment are well understood. AWS delivers flexibility, scalability, usability, and so much more. But,…

Colleges and Universities – the Next Big Target for Ransomware Attacks

The past few months have been witness to two massive ransomware attacks that have impacted organizations that are part of our country’s critical infrastructure – the attacks against the Colonial Pipeline Company and JBS, one of the country’s largest meat…

AppSec and SLED – Shifting Left to Solve Deep Challenges

This article originally appeared on the Checkmarx Blog. Click HERE to read the original in its entirety. For state governments, local governments, and education agencies – a cohort often referred to as the SLED sector – there has perhaps never…

DevSecOps and Security Automation – Making Application Security a Part of Development

In my previous article on the GovDevSecOpsHub, I examined the need for identifying and eliminating application-level cybersecurity vulnerabilities – such as those found in IaC and APIs – and explained why application security is becoming such a difficult challenge for…

Security as Code — Making Application Development Faster and Safer

Right in the middle of the holiday season, as much of the world was preparing to take some deserved time off to celebrate with their families and bid 2020 a less-than-fond farewell, some terrible news broke involving a number of…

From “Trust but Verify” to “Never Trust” – the Importance of AST in application development

In our last article on the GovDevSecOpsHub, we sat down with Peter Archibald, the Regional Sales Manager for DoD and FSI sales at Checkmarx, and Jeff Ingram, a DoD Regional Sales Manager at Checkmarx, to discuss the inclusion of the…

We launched GovDevSecOpsHub to focus on the next evolution of application development, DevSecOps, which brings cybersecurity teams and tools into the development process sooner so that applications are more secure and safeguarded against cyber threats.

In GovDevSecOpsHub we’ll look at the evolution from traditional software and application development to the DevOps model. We’ll talk about the importance of moving from DevOps to DevSecOps. We’ll highlight the technologies and cultural changes necessary to make this shift happen. And we’ll profile government organizations and executives that are the “boots on the ground” as the government pivots towards the DevSecOps model.