Agile Security

With agile approaches, companies are able to deliver software in weeks, days and sometimes even hours. In the meantime, the call for secure software is getting louder and louder. How do you retain your flexibility and speed without reducing the overall security of your software? Agile Security Risk Management (ASRM) provides insight into your information security risks and helps you to deal with them, without any unnecessary delays.

Software security NEEDS an agile approach!

High-paced agile software development is becoming part of our customers’ DNA. However, agile teams often lack knowledge of secure coding, and software security is often applied as an afterthought. As a result, organisations face new challenges in the fields of data exchange, password security and storage of personally identifiable information. Neglecting these issues may lead to insecure or complex software, reputational damage and unnecessary delays in the software development process.

How to become the trustworthy innovator?
The flexibility offered by agile working methodologies is key when it comes to innovating at a high pace. Trustworthiness of the solution should not translate into additional, unnecessary and expensive checks, but should be the result of an integrated software development process. Short development iterations provide the flexibility to face the relevant information security risks of the moment.

Xebia introduces: Agile Security Risk Management
Agile Security Risk Management (ASRM) provides product owners insight into the most relevant information security risks, enabling them to apply the right focus in the development process. Information security risks, laws and regulations translate to reliable IT solutions. Furthermore, ASRM ensures that the product under development will contain fewer leaks by training the developers and adding security checks to the continuous delivery pipeline. ASRM takes Continuous Delivery to the next level and increases the business value of every sprint.

Want to find out how you can improve your risk management in an agile environment? Get in touch and request the ASRM maturity scan!

Get in touch

Han Goossens
Commercial Manager Security

Email: hgoossens@xebia.com
Tel: 06-53993523

Tom Rijgersberg
Business Unit Manager Security

Email: trijgersberg@xebia.com
Tel: 06-12792080

ASRM has three focal points:

  • Deal with relevant risks: ASRM provides product owners insight into the risks they need to deal with and how to prioritize them. Controls that deal with these risks become part of the product and sprint backlogs.
  • Focus on continuous improvement: ASRM focuses on continuous improvement of both the software assets and the development team. Developers are educated on recommended security protocols and procedures, as well as defensive coding principles.
  • Prevent basic exploits: by adding automated security tests to the continuous delivery pipeline, basic vulnerabilities will be detected and filtered out. This will prevent some of the most obvious mistakes from being released into production.

Security is often a neglected part of Continuous Delivery. Tests in the Continuous Delivery pipeline are often focused on integration testing, basic error testing and evaluating happy flows. Done right, security testing should always be part of the continuous delivery pipeline.

Applying Continuous Delivery is one of the cornerstones of ASRM. With Continuous Delivery you can improve the overall quality of your software, increase the speed of the development process and reduce costs.

Being An Agile Security Officer: Security Stakeholdership mindset

Tuesday, Dec 27, 2016

This is the second part in my blog series about 'being an agile security officer'. In this blog I will focus on the mindset of security stakeholdership in Agile and DevOps environments. In the Agile world the Product Owner is the person who translates business and customer desires into work items (user stories) for the

Being An Agile Security Officer

Friday, Oct 21, 2016

Whenever I give a presentation, training, or just talk to security teams, it becomes clear that over the years a gap has been created between application security and development. A gap we created consciously and with intent and that became painfully visible with the introduction of Agile and DevOps. Suddenly exhaustive information security policies with

Is your digital enterprise fit for the future? With this whitepaper, you will learn how the transformation age impacts your business and what it takes to start with digital disruption.
(Dutch) Foundation for Digital Transformation: DevOps strikes at the heart of the entire classic organisational form. “It is primarily a culture that ensures organisations can adapt quickly to the rapidly changing market.”
DevOps article Boardroom IT: DevOps is the foundation for a digital transformation.
The 6 DevOps principles: This whitepaper shows the main DevOps principles to make the next step with your organization.
Whitepaper: Why Organizations Must Immediately Change the Way They Test. IT is a game changer and the most important enabler for start-ups, regardless of their domain or business sector. It allows new organizations, like Uber and Bunq (peer-to-peer banking), to apply existing business models laterally and dramatically shortens the processing time from new idea to successful implementation. This poses a threat to those companies that aren’t playing with the right IT.
Digital Innovation: Well-known and highly successful disruptors such as Uber, Airbnb, Tesla or Apple have one thing at their core: their customers....
DevOps Fundamentals Syllabus: Keep an eye on our website to be one of the early adopters of the DevOps principles! These sessions will be facilitated by our master trainers Michiel Sens and Thomas Kruitbosch.
Whitepaper: Embracing Digital Disruption by Adopting DevOps Practices. The digital age is behind us, the transformation age has begun. If you want to survive the so-called Digital Disruption, you must act immediately. This whitepaper helps you understand the DevOps principles and participate in the transformation process.
Whitepaper: How to bridge the gap between security & innovation?
XebiCon @ CIO in the Boardroom 2015 by Sytse van der Schaaf: XebiCon 2015 is all about the latest trends in IT innovation. This article describes the main topics of this high-quality IT event, focusing on the keynote talk by Anders Ivarsson and Kristian Lindwall on the Spotify model. This article is in Dutch.
Auditing: Begin at the End, End at the Beginning
Mind the Gap; the Agile Approach to Offshoring: In the past, offshoring often seemed more difficult than it was rewarding - Guido Schoonheim
Continuous Delivery and Agile Transformations (Dutch): Radical acceleration of the software delivery process by means of Continuous Delivery
Agile Survey Results 2010
Agile Survey Results 2011
Agile Survey Results 2012