Application security testing, or AST, is a crucial component of software development that involves identifying and mitigating potential vulnerabilities in an application. In the cloud environment, application security testing becomes even more critical due to unique security challenges. The shared responsibility model outlines the responsibilities... https://cloudtweaks.com/2023/07/application-security-testing-practical-guide/ #applicationsecuritytesting #cloudsecurity #shiftleft #softcorpremium

By integrating security into the development process, DevSecOps helps to identify and fix vulnerabilities early on, saving time and resources in the long run. #DevSecOps #ShiftLeft

"If we were really building quality in early, we'd be reviewing the code as it was being written — not waiting for developers to come out of their period of isolation and then check it."

https://betterprogramming.pub/are-pull-requests-holding-back-your-team-e8aec48986c2 #lean #quality #shiftleft #pullrequests

Are you sure your API "does what it says" and honours the #API contract?

My last article on #GeekCulture: validation of requests and responses with #OpenAPI and #Postman, a developer tool for validating REST APIs and best practices to #shiftleft

https://medium.com/geekculture/validating-api-requests-and-responses-25ed5cc9e846

An introduction:

I spend the days wrangling my #DevOps team, writing #Cloudformation, dealing with #InfoSec, trying to #ShiftLeft our tech culture. In the past, worked in the transactional email space; faux #MSSQL #mySQL #DBA, hardware/#datacenter flunky, Citrix Netscaler admin.

In my personal time, #homelab, #3DPrinting, #pizza maker/consumer, #BBQ, #HomeAutomation, #PatientGamer, Japanese / #Rye #Whiskey enjoyer-er,

@Anneke @Marconius if you put the development process on a rough timeline from left to right:

concept/idea - wireframe - design - development - testing - release (user testing thrown in there somewhere)

it's best to incorporate #accessibility as far left as possible. Less chance of mistakes you cannot correct, or only at high expense.

It's a term that was coined by (off the top of my head) @adactio , I believe.

#ShiftLeft

Some days, leading the charge on #a11y remediation can just be absurdly difficult, and the restraint I have to show by not facepalming myself too hard and not shouting "I told you so!" while running about the room flailing about just starts to feel like an exercise in masochism. Please listen to us experts when we say that we have to #ShiftLeft with accessible design and thinking and please stop deferring until it's too late!

I dag bygger vi ny global CDN for hele NAV basert på #GoogleCloud CDN og Cloud Storage. Prikken over i’en er Google Workload Identity Federation som gjør at vi kan sette opp tilgangsstyring på repo-nivå over hvilke #GitHub repoer i orgen som får lov til å pushe assets til hvilke buckets - no keys involved - altså ingen nøkler som kan havne på avveie #shiftleft #sikkerhet #sky #norsktut 🤩 https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions