How can developers integrate effective, on-the-fly security into their workflow, minimizing time overhead and maximizing productivity?
Time is a fickle beast - believe us, we get it! And fastidiously scrutinizing books with titles like “Information Security for Coders of X Language Advanced Extension Version Four” is simply not a feasible exercise for time-poor individuals adhering to pressing production lifecycles. Unfortunately, continuing to opt for speed over security will, almost certainly, result in a zero-sum outcome that will not favor the developer!
This dilemma of speed vs security is persistent, requiring continual, informed oversight of an environment, along with trade-offs and adjustments to accommodate finite resources. And whilst the overall reality of trade-offs will remain, we will keep coming up with smarter ways of managing too much as best we can. And it’s with that in mind that we happily announce the release of our newest dev-hack!
Last month, we delivered the SecureFlag Knowledge Base GitHub App to the world; a functionality which, much to our delight, has since been adopted and used by developers around the world. But if you think the story couldn’t get any better, well, you’re wrong - it can! Because now, our on-demand remediation techniques, testing advice, and example code are all available for Jira as well!
So, how does it work? Simply and effectively of course!
In your Jira issue, simply mention a security vulnerability by name or CWE number. You might be, for example, in need of information regarding “XML External Entity attacks” / “CWE 611”, and by accessing the custom ‘Vulnerability Information’ field, you will be provided with an overview of the vulnerability, alongside remediation techniques that you can use right away.
Contextual training optimizes developer learning by giving you, the developer coping with continual time constraints, valuable information when you need it most. Although nothing beats a depth of insight and practicable, repeatable skills when it comes to securing your applications - we know, as we transform thousands of developers into security champions daily - a pragmatic approach that quickly and effectively impacts builds is the next best thing.
And last but not least, did we mention that it’s completely free?! We’re either crazy, or we truly believe that the internet will be a better place if it’s more secure… or we’re both :).
Get the SecureFlag Knowledge Base app for Jira today!