
BEST PRACTICES: How to strengthen DevSecOps testing for known memory vulnerabilities

by admin
July 9, 2020

DevOps gave us Uber and Netflix. In the very near future, DevOps will help make driverless cars commonplace.


But the funny thing is that DevOps – the philosophy of designing, prototyping, testing and delivering new software as quickly as possible – was at the heart of all this. Software vulnerabilities have reached their peak.

In five years, the number of technical software vulnerabilities in the National Vulnerability Database (NVD) of the National Institute of Standards and Technology has more than tripled, from 5,1891 in 2013 to a record 16,556 in 2018.


The total number of vulnerabilities recorded in the NVD decreased slightly to 12,174 in 2019. Part of the credit for this drop undoubtedly goes to the DevSecOps movement, which has been under way for two or three years.

Proponents of DevSecOps insist that security requirements be addressed during the design process, so that they fit into the highly flexible engineering culture of DevOps. Still, 12,000-plus new software vulnerabilities is a lot, guys. And that does not include hidden vulnerabilities that are overlooked in this rapidly changing environment – gaps that are likely to be discovered and exploited by opportunistic threat actors in the future.

Virsec, a provider of application security solutions in San Jose, is trying to tip the balance in favour of the good guys. Virsec provides systems that help organizations detect highly stealthy malicious activity – at the deepest level of code running in a real-world environment.

At RSA 2020, I had the good fortune to sit down with Shauntinez Jakab, Virsec’s Director of Product Marketing. We discussed the steps Virsec has taken to bring its deep detection technologies into the development phase of new applications. Listen to the accompanying podcast for a complete overview of our conversation. These are the most important points:

Real-time operations

The hacker groups responsible for mass data thefts, such as those at Marriott and Equifax, have a number of things in common. To gain a foothold in the network environment, the attackers had to bypass the best legacy security systems money can buy. And once inside, they used tactics that allowed them to go unnoticed for weeks while methodically looting crown-jewel databases.

Today, hacker groups do this routinely; they cover their tracks by slipping malicious code past traditional firewalls, intrusion detection and data loss prevention systems. This class of malware executes only at runtime, i.e. between the moment the program is opened and the moment it is closed or terminated.


When an application is running, its components are loaded into the computer’s process memory so that the application can perform its tasks. Threat actors know how to introduce seemingly benign bits of code into application servers; this code is then translated into attack code that executes only at runtime.

Deterministic protection

According to Jakab, Virsec’s work aims to defeat these runtime exploits, which are the result of hidden software weaknesses in compiled code and firmware. Virsec provides systems that detect and remediate malicious network traffic at this deep level. This ensures the integrity of vital operations while keeping valuable data and confidential intellectual property out of the reach of sophisticated attackers. Here’s how Jakab broke it down for me:

We take a deterministic approach to detecting attacks during an operation. This happens when an attacker, be it a nation state or a very complex threat agent, bypasses protection at the network level and already has access to the server. So now an attacker knows your applications inside out and the state of their vulnerabilities.


We look at how the application is designed to determine when these types of operations take place. We take a holistic approach to control.  We examine the files and processes used by the application, up to the data entered into the memory… We examine how the data in memory is manipulated to provoke malicious actions, such as taking control of your application.

I don’t think that’s a good idea.

Back to DevSecOps. In principle, DevSecOps should keep vulnerabilities in new software in check. However, DevSecOps is at a very early stage, with much room for improvement.

The idea behind the DevSecOps frameworks, which include static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and runtime application self-protection (RASP), is to squeeze out vulnerabilities without compromising flexibility.

These processes support a fail-fast approach to prototyping and testing: invest in rapid deployment of minimally viable software to find out where it works or fails, and then fix the error quickly without losing sight of security.

The problem with SAST, DAST, IAST and RASP is that they are not very good at detecting architectural weaknesses, i.e. deep holes that motivated cybercriminals are likely to discover and exploit later.

Shifting deep testing to the left

Virsec has learned a lot by helping large financial companies and companies that rely on powerful industrial control systems to stop attackers from burrowing in deep. As a result, the company has taken the initiative to shift left and share its hard-earned field data with the software development community, Jakab says.

Virsec believes it is useful to integrate the knowledge from its core activities especially in the early design and testing phases of new software – or links to the development and production plan, as was previously the case.


According to Jakab, information on how attackers carry out runtime in-memory attacks can complement the process on multiple levels, from integration testing to system-level testing and final quality testing.

“Now you can integrate the results of Virsec in all these test iterations and see on a very deep level where software errors can occur,” she says.

What Virsec brings to the DevSecOps table is essentially a very granular penetration test based on field forensics. It struck me that this is probably what the elite hacker groups want. Cybercriminals want to get their hands on applications that are flexibly designed and have latent vulnerabilities.

It would be nice if the good guys beat them for once. I’ll keep my eyes open.


Byron V. Acohido, a Pulitzer Prize-winning business journalist, has dedicated his work to raising awareness about how to make the Internet as private and secure as possible.

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog, written by bacohido. You can read the original post at https://www.lastwatchdog.com/best-practices-how-testing-for-known-memory-vulnerabilities-can-strengthen-devsecops/
