Author Archives: Rohit Salecha

Let’s Cook ‘Compliance as Code’ with Chef InSpec

Introduction: The concept of DevSecOps has introduced an array of changes to our traditional operations. One of the major changes was to move away from using tools, to learning to bake our own ‘code’. Of the many things required for an application or an environment to be production-ready, compliance is

Security Architecture Review Of A Cloud Native Environment

Overview: Due to its massive adoption, cloud computing has become a critical component for every enterprise. A large number of organisations want to migrate to the cloud; however, its security posture is still a blind spot for everyone. Nevertheless, we have seen a big rise in the number of requests

Semgrep A Practical Introduction

Static Application Security Testing, or SAST, is a testing methodology that analyses application source code to identify security vulnerabilities (such as, but not limited to, injection vulnerabilities, insecure functions and cryptographic weaknesses). Typically, SAST includes both manual and automated testing techniques, which complement each other. In this

Continuous Security Monitoring using ModSecurity & ELK

Recently, NotSoSecure got an opportunity to explore the working of monitoring and alerting systems as a part of a project. In this blog post, Anand Tiwari will talk about his experience and the challenges faced while setting up one such monitoring and alerting system. Insufficient Logging and Monitoring: In 2017, OWASP introduced

Achieving DevSecOps using AWS Cloud Native Services

In our previous article, Achieving DevSecOps using Open-Source Tools, we explored what “DevSecOps” really means and how it can be achieved using simple open-source tools integrated into an existing DevOps pipeline orchestrated with Jenkins and deployed on Docker in an ad hoc on-premises architecture. In this article Rohit Salecha and
