ic_agile_128ic_business_128ic_agile_white_128ic_banknote_smile_128ic_business_128ic_business_128ic_checkmark_128ic_client_team_manager_128ic_code_file_128ic_code_files_128ic_corporate_cloud_platforms_128ic_crossplatform_apps_128ic_dedicated_team_128ic_developer_128ic_development_team_128ic_enterprise_128ic_faster_timeframe_128ic_fixed_price_128ic_graph_down_128ic_graph_down_128ic_hourly_128ic_hourly_white_128ic_information_finder_128ic_junior_developer_128ic_managed_team_128ic_message_128ic_mobile_app_startups_128ic_mobile_development_128ic_mobile_development_up_128ic_mobile_devices_128ic_multiplatform_128ic_multiplatform_white_128ic_pricetag_128ic_project_checklist_128ic_project_management_128ic_project_management_team_128ic_research_and_development_team_128ic_scalable_team_128ic_senior_developer_128ic_smaller_codebase_128ic_smaller_price_128ic_startup_128ic_team_manager_128ic_three_times_faster_128K&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxK&C_Icons_32pxArrow_Dropdownic_001_google+_16ic_002_xing_16Group 2ic_003_facebook_16ic_004_linkedIn_16Groupic_005_message_16ic_006_upload_16ic_007_remove_16ic_008_email_16ic_009_attachment_16ic_010_file_16ic_011_name_16ic_012_arrow_left_16ic_013_arrow_right_16ic_014_arrow_down_16ic_015_arrow_up_16ic_016_dropdown_arrow_down_16ic_016_dropdown_arrow_leftic_016_dropdown_arrow_rightic_017_K&C_dropdown_arrow_up_16ic_018_language_16ic_019_Quote_16ic_020_+_16ic_021_=_16ic_022_phone_16ic_023_twitter_16ic_024_position_16ic_025_company_16ic_026_search_16ic_027_mobile_16ic_028_fax_16ic_029_location_16ic_030_enlarge_16ic_031_downscale_16ic_032_contactic_download_normal_16pxic_033_skype_16ic_006_download_16 copySearchGroup 26Rss_font_awesomelinkedintwitterConsul_VerticalLogo_FullColorPacker_VerticalLogo_FullColorTerraform_VerticalLogo_FullColorVault_VerticalLogo_FullColorethereum_black_64ic_Interest_based_64ic_acrivate_card_64ic_api_client_64ic_application_architecture_64ic_application_architecture_ white_64ic_application_development_user_64ic_application_development_user_64ic_arrow_down_64ic_automated_backups_64ic_automated_infrastructure_provisioning_64ic_automated_infrastructure_provisioning_white_64ic_automated_storage_64ic_automated_storage_64ic_automation_64ic_microservice_architecture_64ic_avaliability_across_the_world_64ic_avaliability_across_the_world_white_64ic_blockchain_64ic_blockchain_white_64ic_brackets_64ic_brackets_64ic_build_64ic_build_64ic_build_64ic_business_64ic_business_partnership_64ic_business_partnership_white_64ic_business_64ic_calculator_64ic_calendar_64ic_calendar_64ic_car_rent_64ic_card_renewal_64ic_chat_64ic_chat_bubbles_64ic_chat_bubbles_64ic_chat_white_64ic_checklist_64ic_checkmark_64ic_blockchain_64ic_smart_development_64ic_blockchain_consulting_64ic_checkmark_white_64ic_clock_64ic_clock_white_64ic_cloud_media_64ic_cloud_solutionsic_cloud_solutions_whiteic_cluster_64ic_cluster_white_64ic_code_base_optimization_64ic_coding_64ic_coding_white_64ic_commenting_widget_64ic_commenting_widget_64ic_containers_64ic_containers_white_64ic_continious_64ic_continious_delivery_64ic_continious_delivery_white_64ic_continious_release_64ic_continious_release_white_64ic_continious_white_64ic_cost_saving_64ic_cost_saving_white_64ic_cpu_load_64ic_credit_card_64ic_crossplatform_app_development_64ic_crossplatform_app_development_white_64ic_custom_crm_64ic_custom_crm_64ic_independence_consulring_64ic_database_calls_64ic_database_calls_white_64ic_dedicated_teams_64ic_dedicated_teams_64ic_desktop_application_user_64ic_desktop_application_user_64ic_desktop_code_64ic_desktop_code_white_64ic_developer_64ic_developer_white_64ic_development_64ic_devops_64ic_devops_64ic_documents_64ic_documents_graph_64ic_documents_graph_white_64ic_documents_white_64ic_download_presentation_64ic_education_64ic_email_open_64ic_email_open_white_64ic_environment_healthcheckethereum_white_64ic_euro_64ic_euro_white_64ic_failure_solved_64ic_gdpr_64ic_globe_outlines_64ic_good_quality_64ic_high_load_websites_64ic_high_load_websites_white_64ic_hotel_booking_64ic_inability_64ic_inability_white_64ic_increase_64ic_increase_white_64ic_increasing_team_64ic_independence_64ic_integration_64ic_it_outsourcing_64ic_it_outsourcing_64ic_knowledge_sharing_64ic_mobile_devices_64ic_laptop_user_64ic_laptop_user_white_64ic_launch_64ic_launch_white_64ic_learning_64ic_learning_two_white_64ic_lighthouse_64ic_link_64ic_load_balancer_64ic_load_balancer_64ic_load_card_64ic_lock_64ic_lock_white_64ic_low_cost_64ic_low_load_websites_64ic_maintenance_tools_64ic_maintenance_tools_white_64ic_media_player_64ic_media_player_white_64ic_messaging_platforms_64ic_microservice_architecture_64ic_microservices_64ic_microservices_64ic_mobile_app_64ic_mobile_app_64ic_mobile_content_64ic_mobile_development_64ic_mobile_development_white_64ic_mobile_devices_64ic_mobile_devices_white_64ic_mobile_payments_64ic_mobile_social_media_applications_64ic_mobile_workflows_64ic_money_transfers_64ic_multimedia_sharing_64ic_multimedia_sharing_white_64ic_my_garage_64ic_no_access_64ic_no_access_white_64ic_no_oldschool_64ic_online_marketplaces_64ic_online_marketplaces_white_64ic_online_trading_64ic_online_trading_64ic_pair_device_64ic_parallels_64ic_parallels_white_64ic_passcode_64ic_payment_systems_64ic_performance_64ic_performance_issues_64ic_performance_issues_white_64ic_performance_white_64ic_plane_64ic_plane_white_64ic_plus_64ic_plus_64ic_pricetags_64ic_pricetags_64ic_product_64ic_product_search_64ic_product_white_64ic_productivity_tools_64ic_productivity_tools_64ic_project_delivery_64ic_project_delivery_white_64ic_project_management_64ic_project_management_collaboration_64ic_project_management_team_64ic_project_management_team_white_64ic_project_risks_reduced_64ic_quality_mark_64ic_quality_mark_64ic_quality_mark_white_64ic_question_64ic_react_native_64ic_response_time_64ic_response_time_white_64ic_rest_api_64ic_retail_64ic_transparency_consulting_64ic_scale_up_64ic_scale_up_white_64ic_security_64ic_security_64ic_self_healing_64ic_self_healing_64 copyic_send_money_64ic_server_64ic_server_white_64ic_shopping_64ic_shopping_white_64ic_sleep_mode_64ic_small_is_beautiful_64ic_smaller_price_64ic_social_benefits_64ic_social_connections_64ic_socket_64Group 20ic_spare_parts_for_cars_64ic_spare_parts_for_cars_white_64ic_speedometer_64ic_performance_consulting_64ic_speedometer_white_64ic_startup_64ic_startup_white _64ic_target_64ic_team_64ic_testing_64ic_testing_checklist_64ic_testing_checklist_white_64ic_testing_white_64ic_three_times_faster_64ic_touch_64ic_touch_id_64ic_touch_white_64ic_transparency_64ic_ui_design_desktop_64ic_ui_design_mobile_64ic_ui_design_mobile_white_64ic_umbrella_64ic_umbrella_64ic_umbrella_white_64ic_up_and_down_scaling_64ic_up_and_down_scaling_64ic_users_64ic_users_white_64ic_ux_design_64ic_ux_design_desktop_64ic_ux_design_64ic_ux_design_white_64ic_vehicle_64ic_web_based_search_64ic_web_based_search_white_64ic_web_browser_code_64ic_web_browser_developer_mode_64ic_web_browser_user_64ic_web_development_64ic_web_development_white_64ic_web_portals_64ic_web_portals_64ic_web_user_64ic_web_user_white64ic_workflow_64ic_workflow_steps_64ic_workflow_steps_white_64ic_workflow_white_64ic_working_environment_64solidity_blackGroup 19

DevOps As DevSecOps – Full Integration of Threat Protection Without Compromising Deadlines of Budgets

It’s an everyday morning in the office of Jim, the CTO of a promising start-up. He’s reached the last few minutes of his usual 30-minute routine to ease into another hectic day, which, as always, is a quick scan of the news, both general and around the tech start-up scene. One particular headline catches his attention. One of his company’s competitors has fallen victim to a cybersecurity attack and it looks as though the result might mean it’s the end of the road for them.

 

While Jim is by no means a vindictive individual, it’s dog-eat-dog out there in Start-upland and he allows himself a little grin. Plus, the competitor’s co-founders had shown open hostility to Jim and his company. Sure, they were competitors but they’d clearly never heard of friendly or even respectful competition.

 

But before Jim was able to luxuriate in the downfall of a nemesis, his smile turned to the brow crease of concern. “What if we’re attacked”? Yes, we’ve got a great head of cyber security in Bill, who takes care of the company’s infrastructure and runs occasional penetration tests. “But are these tests enough when we have weekly deployments”? The fact is they are often overdue and lag new deployments, potentially leaving a window of vulnerability.

 

Jim’s situation is common in a DevOps environment where security departments often play second fiddle during the development and deployment process. The kind of watertight security procedures and documentation that DecSecOps involves can be considered a bottleneck to the agile principles, DevOps, QA and rapidly going to market.

 

Which, as Jim’s competitors have seen to their cost, can be a mentality with disastrous consequences if a successful hacker attack IS launched. The reality is a well-integrated DevOps security process needn’t slow things down and have a negligible impact on budget when compared to the cost of damage control after the event.

 

The rest of Jim’s story will demonstrate how a DevOps manager can efficiently implement continuous security standards at little additional cost. 

Let’s see how DevOps becomes DevSecOps.

DevOps Security Starts At the Top

The first step in turning DevOps into DevSecOps is a change in mindset at the top, such as Jim was frightened into. The priority for IT managers is the delivery of competition-shredding features and a smoothly running application within the challenging environment of finite time and budget. 

So Jim has to make sure he meets his end goals while still insulating his team’s work within a completely secure DevOps environment.

 

“What I need is a process that means the application and infrastructure are continuously secure. There shouldn’t be ANY way to bypass it, so a quick fix is out of the question. And comprehensive documentation is key for security responsible Bill or any other auditor that might ever look at it. That’s even important as a USP to be communicated to customers concerned about the news-worthy spate of high profile security breaches that have compromised personal data”.

 

Jim saw a clear parallel with the code quality issues they had gone through a couple of years ago as they were still fine tuning their DevOps processes. Bugs in production had wreaked havoc, leading to customer dissatisfaction. They stopped that from happening by integrating QA in the development process. Automated tests at commit or build time plus a rigorously-documented process for manual testing before delivery.

 

Wouldn’t the same approach ensure best practise DevOps security?

 

“I need the whole team to buy into upgrading our DevOps to DevSecOps”, thought Jim. A meeting was called and in attendance was Bill from security, Joanne from Sales and Igor, the head of their DevOps team. 

Know Your Enemies – The Art of DevOps Security

If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art of War

Bill, whose pastimes outside of cyber security were military history and amateur theatre had a flair for the dramatic. So, on learning the DevSecOps theme of the meeting and that he was expected to contribute, had prepared a background presentation slide with a fitting quote. “Everyone loves a good quote”, thought Bill. That will impress.



“Let’s start from the beginning,” said Bill. "First, we have to understand potential threats. What are the major security risks and what they can result in? Our first step should be all stakeholders considering the importance of data and the effect of particular threats to the business if this data were to be compromised. Threat modelling techniques should be our approach here”:

 

“If you want me to handle this, please, put it into the backlog,” said Igor, the DevOps ‘eager beaver’. 

 

“Is it as a feature?” asked Joanne.

 

“No, a threat is more like an anti-feature,” shot back Bill, his flair for the dramatic tickled by the elegant response he had summoned.

 

“I propose employing agile software development methods and retesting any negative user stories to double check we are avoiding them here”.

How to Create Your DevSecOps Plan

A good roadmap is the necessary basis for any secure infrastructure and DevSecOps is no exception. With the team now focused on the development process, infrastructure like firewalls - despite their importance - were not covered in their discussion.

 

But Bill, newly enthused by the elevated importance with which he was being treated as a result of Jim’s security push, was on it. He suggested the development of architecture for a range of DAST (Dynamic Application Security Testing) technologies. They allow for the detection of security vulnerability in an app during runtime and not only isolate problems in the source code, but also those that only become apparent during use.

DevSecOps Infrastructure Checklist

With the team’s strategy filled out, the time has come for Jim, with input from the others, to set down their DevOps infrastructure security checklist. So they got started:

 

1.  Encrypting passwords (passwords should ALWAYS be stored in an encrypted format in the database so they cannot be stolen). 

2.  SSL connections used for communication

3.  Automated configuration and set-up of servers

4.  Regular back-ups

5.  Control access on cloud providers

6.  Upgrade strength of SSH Configuration

 

Many teams sigh at this kind of checklist because the check points seem so basic and obvious. While that’s true, with one these simple steps are often forgotten. Why do you think every well run gas station or restaurant has a cleaning checklist up in the bathroom that staff members have to sign once they’ve completed their hourly cleaning task? Because it’s not simple to tell them they have to check in every half hour to make sure it’s in good condition? Of course not. But experience shows a simple checklist provides accountability and works – the bathrooms stay in good condition for clients. Super simple but super effective. Your DevSecOps checklist should also embody simple and effective.

 

Of course, keeping on top of the team’s new checklist would mean a little additional development effort but Igor got this ready to go with some simple OWASP frameworks and templates.

 

But Jim wasn’t finished there:

 

“We need to make our application even securer against attacks. If any malicious intruder does manage to penetrate our external defences, we need to ensure that’s as far as they get. Our web applications have to double-check requests are valid and authenticated. Other checks are about data malformation (for example, a remote procedure call, Session Initiation Protocol [SIP], and so on)”.

 

At this point, the meeting room’s whiteboard was rapidly filling up. Bill was glad he’d put his Art of War quote up on the projector. It would have been scrubbed off the whiteboard to make room and they needed its inspirational push. “I knew my enemy”, thought Bill, proud of his foresight.

Don’t Forget Pre-DevSecOps Security Threats

Everything was falling nicely into place and a rare air of unanimous approval permeated the room as they all leaned back, slightly smug at a job well done. The brief lull was interrupted when Igor brought up the overlooked problem of legacy application integration that had been done. 

 

“No one knows the code and that means no one knows potential threats!”

 

This time it was Joanne’s turn to pipe up with an elegant solution. 

 

“Why not move the legacy application into a container with very limited access, protecting the other applications in the event that weak spot is compromised?”

 

The others agreed that would minimise the risk.

 

“It is called Runtime Application Self-Protection (RASP),” said Joanne proudly. She’d been on a training course recently. Joanne, unlike many in the company, took training courses seriously. She had a special pencil case and notepad just for them. She then digitalised her notes. Joanne’s smart. Be like Joanne!

 

“RASP is a security technology that blocks security attacks. Unlike firewalls, which need the help of network information to detect threats, RASP is more efficient and reinforces the security of software by monitoring its inputs and blocking any that could potentially instigate attacks.”

Secure Code Integral to Strong DevSecOps

Code was next on the agenda and now Igor took centre stage. Igor wasn’t a natural on centre stage. Igor wasn’t a natural at much. Except coding. And looking scruffy. But it was his coding skills rather than dress sense and personal grooming that he was ready to step up to defend!

“Of course I write secure code!” blustered Igor.

 

But when it came to objectively demonstrating its security, he had to admit on reflection, this was difficult to prove without the shadow of a doubt. Of course, he checks the strength of passwords, uses encrypted connections to the backend, but, hey, these hackers are genius nowadays. He knows, some of his uni friends had gone over to the Dark Side. And what’s about the juniors in his team? They weren’t all coding jedi like him. Some of them still struggled to put their Star Wars shirts on the right way around and he was relying on them to fend off the Sith hordes…

 

After a bit of brow furrowing, Igor suggested a simple solution. 

 

“Let’s delegate this element of our DevSecOps to security automation software and do the checks right away. There are tools that check the code for Static-Code-Analysis-Testing (SAST) while the coding is being done.”

 

By integrating the static code analysis during development and commit time into the IDE (Integrated Development Environment), the developer receives immediate feedback on the security level of their application. This will dramatically improve their learning curve around secure coding. Common threats like SQL injections or Cross-Site Scripting are checked.

 

“I’ll teach those youngsters to master The Force”, announced Igor, to quizzical looks from the rest of the group.

DevSecOps Is Also Crucial When Using Third-Party Code

The next security threat to be addressed was the potential Trojan Horse that third-party software the company used could offer attackers.


“What about the software we use and haven’t coded ourselves,” Jim asked. “We use a lot to speed up development and reduce costs. Unfortunately, they are often the backdoor attackers exploit to get past strong DevOps security systems.”

 

It becomes obvious that static code testing will also need to be actioned to check any code not written inhouse. 

 

“And open source software?” continued Jim. “It significantly reduces development effort.”

 

“This code can be a potential security risk,” agreed Igor. “But by checking this code for known vulnerabilities (for example, with OWASP Dependency-Check), we can detect flaws and fix them, as soon they became known.”

 

The OWASP utility works by scanning your code and dependent open-source component libraries to see if they contain any known OWASP flaws. It checks all open source code against a continuously updated database of known vulnerabilities in open-source software.

Testing DevSecOps

“Great job, team!” announced Jim proudly. “We’ve detailed all of the potential risks, created an architecture which mitigates against them and checked new and legacy code for known vulnerabilities. Have we missed anything?”

 

The team had covered almost everything involved in an impregnable DevSecOps system but additional external security vulnerability scanning, suggested by Igor was also put on the list as a final flourish.

 

In addition to the white box testing in the development phase, automated security and vulnerability scanning checks, Jim decided on running tests which simulate the way hackers work. These tests would be integrated into the deployment process to cut out the risk they might ever be forgotten or skipped under time pressure. A report would be proof for management.

DevSecOps Hasn’t Finished When You Run

They were almost done but Jim had one final point on his agenda.

 

“The last thing we have to ensure, and by no means the least, is maintaining DevSecOps along every step of the app’s lifecycle. The production phase is no exception when it comes to running all of the tests we’ve agreed on. They have to be actioned and carefully monitored. Any incident, no matter how insignificant it might seem, is to be reported to the architecture specialists and the development team so they can improve the security level of the application.”

 

Jim returned to his office content. Their new approach, was confident, was the right way to proceed when deploying to production. He was running a tight ship and on his watch there would be no shortcuts that could leave them vulnerable.



“Now, we have a tamper-proof, ‘DevSecOps best practise’ deployment process and checklist,” he thought. “And should anything happen despite our best efforts, we will be able to see immediately where the problem has occurred and how we can patch it. Plus, our GDPR officer Helen might even finally break out a smile, secure in the knowledge there will be no transgression of the new EU law. And I can relax because all activities are properly defined within a clear process. Hackers, bring it on!”

 

He quickly practised his scary face for the theoretical hordes of hackers in the office mirror, made himself a coffee and got on with his day.

SHARE WITH FRIENDS
You might find this interesting
Our cases
Bosch Classic Cars - Digital Engagement Platform for 19K Vintage Car Owners
Our cases
Liferay Portal Developers: Performance Tuning Case Study
Web,Amazon Web Services
Cloud App Security: Three Authentication Approaches
Our cases
How to apply React Native while developing heavy cross-platform mobile apps
Mobile
WHY THE IONIC FRAMEWORK IS THE BEST CHOICE FOR YOUR HYBRID APP
Web,Amazon Web Services
Single Page Application SEO: Tips & Tricks
E-book
Hiring Web Developers — The Complete Guide
E-book
Digital Transformation: the Philosopher’s Stone of Economic Growth
Web,Outsourcing,Other
Angular 5 VS React.js – Who’s Going to Set the Tone in the Upcoming Year?
Web
Agile and DevOps are Key Drivers of Digital Transformation
Web
K&C insights: how to make your workflow work for you
Web,Other
GoLang: Features, Pros and Cons
Our cases
Reference: Major producer of auto electronics and spare parts
DevOps
Hybrid, SAAS+PAAS: cloud solution trends to watch in 2019
Web,Outsourcing,Other
Angular vs. React vs. Vue – Let the Fight Start!
DevOps
DevOps with Puppet: Tips on Setting it up for Configuring Servers
Web,Outsourcing,Other
JS Frameworks: The Trendiest Frameworks You Should Know
Our cases
Micro-service Architecture for New AngularJS Application - Case Study
Mobile
Native or Hybrid Apps: A Quick Comparison
DevOps
Installation and setting up: Nextcloud as a local network storage on CentOS7
Web
Centralized Logging with Logstash, Elasticsearch & Kibana
Web
A Guidance for Keeping Your Web Development Project Within the Budget: Three Key Pillars
Web
Plan to Succeed: 4 Tips for Building Scalable Software
Web
Microservices… when do we need them?
Web
Debunking imaginary shortcomings of cross-platform frameworks
Our cases
Portal Performance Tuning For Major German Travel Agency
Web
Technologies that Foster Digital Transformation
Web,Other
How to Make Your Web Solution Rock: 7 Areas to Check
Web
4 Time-Saving Ways to Test Your Cross Platform Mobile App
Web,Outsourcing,Other
Angular 5.0.0 – A Better Version of Itself
E-book
Top Tools for Cost-Effective Web Development — eBook
Web
A secret formula of an agile dream team
Web,Amazon Web Services
CLOUD DEPLOYMENT: YOUR APPLICATION’S OPTIONS
Web
How to Motivate Your Dedicated Team to Work with Legacy Projects
Web,Our cases
White Label: A Customized Software Solution from a Business and Tech Perspective
Web
Cost efficient technologies
Web
Scaling software solutions - how it works
DevOps,Outsourcing,Other
How to setup Kubernetes cluster on AWS
DevOps
Docker: Virtualize Your Development Environment Right
Web
When Microservices Help Make Future-Ready Products
Outsourcing,Other
How to Ramp up Your Team Wisely
Outsourcing,Testing
How the QA Team Tests Your Project
DevOps
How We Manage Our Infrastructure with Chef
Our cases
Reformation of Deployment Cycle for Bosch Classic Cars Portal
Our cases
Fast and Lightweight Mobile Application based on PhoneGap/ Cordova
Our cases
Drivelog.de — Web Marketplace for Car Owners and Service Providers
DevOps
Use case: how to build and run Docker containers with NVIDIA GPUs
DevOps
How We Use Ansіble for Configuration of Our Environments
Web
Angular 2.0 vs Angular 1.4. What fits you best?
Other
Big Data: Why Your Business Needs it ASAP
Web,Outsourcing,Other
How a Company Can Benefit from White Label: K&C experience
DevOps
How to Build a Rancher & Docker Based Cloud
DevOps
Setting Up: Traefik Balancer In Rancher Cloud
E-book
Determining Approaches to Mobile App Development
Web,Other
Dedicated Teams for Web Development: Choice Criteria to be Checked
Web
Angular 4 vs React – what to choose in 2017
Outsourcing
The BPM in the Microservice Environment
DevOps,Outsourcing,Other
ROCKET.CHAT as an internal messaging system and helpdesk platform
Web,Amazon Web Services
Monolith, Microservices, Serverless... Are We in the Middle of the Way?
Web
JQuery vs. Angular: Ad Astra per Aspera
DevOps
How to start services on Linux
Web
Advanced Technologies for Marketing Automation
Web,Outsourcing
Node.js vs. Angular.js – Two Sides of the Same Coin
DevOps,Outsourcing
AWS DevOps: A New Way to Run Business
Web,Amazon Web Services
Vue.js 2019 - not Angular / React
Web,Outsourcing
Migration from Angular 1 to Angular 5
DevOps,Outsourcing,Amazon Web Services
Information Security with AWS DevOps
Other
Europe’s Big Payments Directive PSD2
Our cases
The Platform Providing Event Organization
Web,Outsourcing,Other
Golang vs. Node.js
Our cases
VAIX - Fault tolerant infrastructure for 24/7 high-load machine learning service
Web,DevOps,Our cases
Our case: Marketplace for gaming goods
Web,Outsourcing
Angular 6 Will Be A Hit
Web,Outsourcing,Testing
Web App Security 101: Keep Calm and Do Threat Modeling
Web,Mobile,Outsourcing,Other
All You Wanted to Know About Chatbot Platforms
Web,Amazon Web Services
What's New In React 16.3.0 - 16.4.2 | K&C React Dev
Web,Outsourcing
ANGULAR 6 versus REACT 16.3
Other
GDPR: Smart Practices
Web
Fintech Apps - A Lucrative Solution for Customers and Businesses Alike
Other
Swimming with Sharks
Web
Node.js 10.0.0: Everyone’s Favorite Got Even Better
DevOps,Outsourcing
Rancher 2.0: A Quick Look at the New Version
Our cases,Amazon Web Services
CLOUD SOLUTION VS. BARE METAL SERVER: WHEN AND WHY
Other
I’m Tired of Blockchain Hype, Are You?
Web,Mobile,Outsourcing
Progressive Web Apps and Why You May Need Them
Other
Don’t Treat Me Like a Fool: The worst thing you can do for your business
Web
Web App Security 101: How to Defend Against a Brute Force Attack
Other
How to Convert Your Business to an Amazon-Style Market Leader
Web,Outsourcing,Other
JavaScript & WebSockets: How to Build Real-Time Applications
Other
Culture eats technology for breakfast
Web,Outsourcing
How to Control Agile Development: Progress and Costs
Marketing
Аudience-based Marketing
Other,Marketing
How to Become a Leader in Your Market
Web,Other
SSR or CSR for Progressive Web App
Web,Outsourcing
Angular 6 vs. Ember 3
Outsourcing
SCALED AGILE FRAMEWORKS: YOUR COMPLETE GUIDE TO WHICH, WHY AND HOW
DevOps,Other
Security in Kubernetes and How Companies Can Benefit from It
Web,Other
JAMSTACK IS THE NEW FACE OF STATIC SITES
DevOps
Guide for Hashicorp Consul/Vault with Kubernetes | K&C Consulting
Testing
What Is Quality Assurance and Why You Need It Immediately
Outsourcing,Amazon Web Services
DEBUGGING AWS LAMBDA FUNCTIONS
Other
The Power of the Holistic Business Analysis
Other
Angular vs. Vue vs. jQuery vs. React vs. Ember
DevOps,Outsourcing
Kubernetes backup with Heptio Ark
DevOps
What to Choose: NFS or CEPH?
Web,Mobile,Back-end,Amazon Web Services
Serverless Architecture for Modern Apps: Stacks Providers & Caveats
Web,Mobile,Back-end,Amazon Web Services
Why Enterprises Choose Serverless Architecture
DevOps,Amazon Web Services
Kubernetes at the Forefront of Secure Microservices Future
DevOps
DevOps: Kubernetes Federation on Google Cloud Platform
Web
All You Need to Know About Web App Security Now
Web,Outsourcing,Testing
QA for CxOs: How to Hire and Outsource
Web,Amazon Web Services
ANGULAR 7 OR REACT For Your App?
Web,Outsourcing,Testing
Sicherheit für Web-Anwendungen - dank Threat Modeling
Outsourcing,Testing
Die Rolle des QS-Teams in Software-Projekten
Outsourcing
Agile entwickeln mit festen Budgets | K&C Software München
DevOps,Outsourcing,Amazon Web Services
KUBERNETES-BERATUNG: SCHRITT FÜR SCHRITT ZUM HEPTIO ARK BACKUP
DevOps,Outsourcing
KUBERNETES ALS FÜHRENDE MICROSERVICE-ARCHITEKTUR IN PUNCTO SICHERHEIT
Outsourcing,Amazon Web Services
FUNKTIONEN VON AWS LAMBDA DEBUGGEN
Web,Mobile,Amazon Web Services
SERVERLOSE ARCHITEKTUR FÜR CLOUD-BASIERTE APPS: TECHNOLOGIE-ANBIETER UND GRENZEN
DevOps
DevOps als DevSecOps – Integrierter Schutz vor Bedrohungen ohne Termin- und Budgetüberschreitung
Web,Mobile,Outsourcing
Web-Anwendungen ziehen mit Mobile-Apps gleich
Amazon Web Services
Auswahl Cloud-Provider ohne Vendor Lockin
DevOps
Cloud-Trends 2019 - Hybrid, SAAS und PAAS | K&C Beratung
Our cases
CLOUD-LÖSUNG VS. BARE METAL SERVER: WANN MACHT WELCHER ANSATZ SINN?
Outsourcing
SCALED AGILE FRAMEWORKS: HINTERGRÜNDE UND AUSFÜHRLICHER LEITFADEN
Amazon Web Services
Hybrid Cloud Consulting Services in Munich
Web,Amazon Web Services
Your Expert Angular Developers in Munich | K&C Development
Web
React Developers Munich
DevOps
KUBERNETES-CLUSTER ABSICHERN MIT HASHICORP CONSUL / VAULT