Dear developer: Security automation is here to help you
It’s been a while since I last blogged; I have been extremely busy with my startup, Shieldfy.
Today I want to share something I am very excited about: security automation, and how to integrate it into your development cycle.
The motivation is that you need instant feedback on the security and quality of your code from day one. Other solutions, such as security firewalls, give you that feedback at a late stage, when your code is already deployed in production.
Security is not a one-day job; it is a daily and exhausting process. You need continuous feedback on the strength of your code, starting with the code you write (the functions you use, deprecated methods, risky approaches, etc.), and also on the filters and security measures you rely on and how they will hold up against new threats, attacks and bypasses.
Digging through your dependencies to find out whether you are using a vulnerable one.
And don’t forget about your server configuration, information leakage and server vulnerabilities.
Finally, how your code will react to different attacks in production (bots, malware, spam, vulnerability scanners, etc.).
Imagine doing all of this not once or twice, but every day, every hour, with every feature you add and every bug you fix. It is tedious and risky at the same time.
Even if you use tools to help along the way (a code-auditing tool can give you feedback every time you push to the repository, and a security scanner can test your security measures), you will still find yourself juggling at least three or four different tools with no link between them.
We definitely need something better!
I’m delighted to introduce Shieldfy Workflow, a platform that enables you to integrate security into every step of your development cycle.
How it works
We provide a map on which you lay out the stages of your development cycle (Development, Staging, Production). At every stage you choose three things:
- Source: the source Shieldfy will monitor or test.
- Event: when Shieldfy should act on the source.
- Action: what Shieldfy should do (analyze code, launch simulated attacks ;), monitor production).
Let’s take an example: a web application written in Node.js with its repository hosted on GitHub, a staging environment at staging.myawesomeapp.com and production at myawesomeapp.com.
You would add three stages to the Shieldfy workflow map.
- Development stage:
  Source: GitHub (myawesomeapp/app), branch master
  Event: On push/pull request
  Action: Run Code Analyzer
- Staging stage:
  Source: staging.myawesomeapp.com
  Event: On deploy
  Action: Run Security Scanner
- Production stage:
  Source: myawesomeapp.com
  Event: Always
  Action: Run Production Monitor
Code Analyzer
When you publish this workflow, Shieldfy monitors the target repository and branch for pushes and pull requests and then runs the first tool, Code Analyzer. This tool analyzes the code for security best practices, the functions and classes you use, and the third-party libraries and dependencies you depend on.
Security Scanner
When you deploy your code to staging at staging.myawesomeapp.com, the second tool, Security Scanner, runs immediately. It launches simulated attacks against your staging environment, targeting the vulnerabilities that cannot be detected in the first stage by looking at the code alone.
Production Monitor
In the last stage, the Shieldfy SDK monitors your production environment around the clock.
The system is now in private beta; you can request early access here.
We worked very hard to build this system for developers like you, so your feedback is highly appreciated. You can always reach me here, on Twitter @net_code, or by email at eslam@shieldfy.com.