
Wednesday, 13 June 2018

How To Align Security and Development Teams.


VishwaPrabhakar Singh
5 June 2018



Let's discuss it in brief.

While it is key to focus on security throughout software development, the limited talent pool complicates the situation: there aren't enough professionals to keep up with the growing threats. Indeed, finding and keeping good software development talent is already difficult enough, let alone retaining talent that is security-focused.

Focus on getting developers with strong skill sets

“A shortage of individuals with cybersecurity skills leads to direct harm to firms, as well as the loss of proprietary information and science,” says James A. Lewis of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS). CSIS recently partnered with Intel Security to release a report titled "Hacking the Skills Shortage," which outlines the talent shortage crisis impacting the cybersecurity industry across both companies and nations.

Be careful when hiring offshore developers!
When you outsource software development, make sure you hire a reputable team that makes security a priority. Avoid developers who don't take it seriously. They're a risk you don't want. Instead, confirm that your supplier is skilled in security by discussing it early. Ask potential outsourcing partners to provide examples of how they make security a priority.

There is no value in a DevOps program that doesn't increase release velocity. A core tenet of DevOps is to look for constraints that cause work in progress to back up, and security can expect to receive the spotlight as a result.

The SDLC will need significant modification for secure development.
Traditional waterfall-style approaches of build it, test it, hand it over to the security team, and test it once more are inefficient when compared to the continuous integration (CI) and continuous delivery (CD) approaches of DevOps.

Many developer initiatives have reduced delivery cycle time, but security practices and policies are becoming the bottleneck to fast production delivery.

Project Testing Phase Outline
Testing custom code for vulnerabilities traditionally takes place once development is complete. However, if thousands of checks take a week to run, you're breaking CI/CD in DevOps. Instead, apply a small-batch testing philosophy to security testing, using as much automation of application security testing (AST) tools as possible.

The goal should be to deliver more secure code at the speed of business, rather than to patch or replace code reactively based on manual reviews or in response to breaches.
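The small-batch approach described above, as an added example (not code from the original post): a Python check that scans only the lines a commit adds, so each CI run stays short and every finding maps to one file and line of one change. The sample diff, the rule names and the regular expressions are constructed for illustration; a real pipeline would hand the same changed lines to its AST tool.

```python
import re

# Constructed sample: a unified diff for one small commit (not from a real project).
SAMPLE_DIFF = '''\
diff --git a/app/users.py b/app/users.py
--- a/app/users.py
+++ b/app/users.py
@@ -10,3 +10,5 @@ def find_user(db, name):
     cur = db.cursor()
-    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
+    query = "SELECT * FROM users WHERE name = '" + name + "'"
+    cur.execute(query)
+    log.info("lookup done")
     return cur.fetchone()
'''

# Illustrative rules only (assumptions, not a complete rule set).
RULES = {
    "sql-string-concat": re.compile(r"""["'].*\b(SELECT|INSERT|UPDATE|DELETE)\b.*["']\s*(\+|%)""", re.I),
    "html-unescaped-write": re.compile(r"innerHTML\s*=|document\.write\("),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def added_lines(diff_text):
    """Yield (path, new_line_number, text) for every line the diff adds."""
    path, lineno = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif (m := HUNK.match(raw)):
            lineno = int(m.group(1))      # first line number in the new file
        elif raw.startswith("+"):
            yield path, lineno, raw[1:]
            lineno += 1
        elif raw.startswith(" "):
            lineno += 1                   # context line exists in the new file
        # removed lines ("-") exist only in the old file and are not scanned

def scan_diff(diff_text):
    """Return (path, line, rule) for each added line that matches a rule."""
    return [(p, n, rule) for p, n, text in added_lines(diff_text)
            for rule, rx in RULES.items() if rx.search(text)]

if __name__ == "__main__":
    for path, line, rule in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{line}: {rule}")
```
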

Collaboration in Teams 
Collaboration is a key part of DevOps culture. Developers and operations are closely connected, but there's room for security too. Security professionals should consider providing checklists for developers as they integrate their code. Offer training on policies to developers and operations staff, including explanations of why those policies are in place.

Secure it while you code it line by line.
Offer best practices for developing secure code that help prevent typical attacks such as SQL injection, cross-site scripting, and buffer overflows. Help operations teams keep current with secure configurations for infrastructure, be it container-based, cloud, virtual or physical.

The automation built into the DevOps platform makes code changes traceable, which can reduce the time needed to find the source of a previously unknown vulnerability, thereby reducing exposure time and risk. Also, the smaller the batch size, the easier it is to trace.

Wednesday, 3 June 2015

Removing Ransomware



Recently, several online ransomware incidents have cost many users and security researchers across organisations and industries their sleep.

But finally we have some good ammunition against this kind of problem: the ransomware removal kit.
 
Several security firms and the FBI itself have released ransomware removal kits that are free to download from their respective websites.


Just imagine a moment when all your important files are locked up by some strange program that asks you to pay to unlock data that is already yours.


                         "You should never pay the ransomware,
                                because paying makes such attacks
                                       stronger in the future"



The Ransomware Removal Kit includes the following ransomware removal tools:

  • CoinVault: CoinVault ransomware removal tools
  • CryptoLocker: CryptoLocker removal tools and threat mitigation
  • CryptoLockerDecrypt: FireEye tool to decrypt files encrypted by the CryptoLocker ransomware
  • FBIRansomWare: FBIRansomWare removal tools
  • TeslaCrypt: Tool for removing this variant of CryptoLocker ransomware
  • TrendMicro_Ransomware_RemovalTool: General ransomware removal tool from TrendMicro

Here is what you need to do if your system gets infected with any kind of ransomware:
The first response to a ransomware infection is to disconnect the machine from the internal network to prevent the malicious agent from spreading. Be sure to create a copy of the disk that can be restored in case of problems with the ransomware removal kit.

The second step is to identify the strain of malware that caused the infection (it can be any file, program, or even a fake anti-virus program); then the user can try to decrypt the files and remove the malicious agent.

How to protect yourself from such attacks

  • Do not download any file from an untrusted source.
  • Do not download email attachments from strangers.
  • Do not use a thumb drive without first scanning it with an anti-virus security product that has up-to-date virus definitions (my recommendation is Kaspersky).

This article is inspired by the research of the famous UK security researcher Pierluigi Paganini.
Thank you for your contribution.

Proper way to install nvidia 390 fix error

Proper way to install nvidia 390 if you see any error in the process look below; command  sudo apt purge --autoremove '*nvidia*...