Implementing DevSecOps with AWS
Equifax, a credit reporting agency, reported unauthorized access to the personal records of 143 million US citizens in a data breach in 2017 that went unnoticed for 76 days (https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html). What started as Common Vulnerabilities and Exposures (CVE) in Apache Struts, a well known framework used by Java applications, resulted in financial and reputational damage for the company. Even after corrective measures, a few servers remained unfixed due to the dependency on manual processes. These gaps, combined with teams’ lack of awareness of security breaches in general, were exploited by malicious actors to gain access to one of the servers, and then several others. Security incidents like these harm business health and, most importantly, result in loss of customer trust, along with reputational damage.
The evolution of software practices and...
