Threat modeling is one of the best techniques for achieving secure architectures. However, introducing it on existing complex projects requires time that architects and developers may not have. Irene Michlin introduces a technique for performing threat modeling in ongoing projects without a prohibitive initial time investment.
DevOps and test-driven infrastructure radically shifted the way we develop and deploy applications and infrastructure. Compliance-driven infrastructure builds on the same foundation, incorporating compliance and security into the mix. Christoph Hartmann and Dominik Richter explore InSpec and explain how it enables you to easily incorporate compliance and security in your development workflow.