Hasan Yaşar scite author profile

Hasan Yaşar

4Publications

41Citation Statements Received

1Citation Statement Given

How they've been cited

How they cite others

Affiliations

Carnegie Mellon University, Software Engineering Institute, Ege University

Publications

Order By: Most citations

Where to Integrate Security Practices on DevOps Platform

Yaşar

Kontostathis

2016

View full text Add to dashboard Cite

“Software security” often evokes negative feelings amongst software developers because this term is associated with additional programming effort, uncertainty and road blocker activity on rapid development and release cycles. The Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems (Taschner, 2015). Secure software should be focused on a proactive approach that limits the attack surface and produces reliable software. Secure DevOps developers want their software to bend but not break, which means the software absorbs attacks and continues to function. The burgeoning concepts of DevOps include a number of concepts that can be applied to increase the security of developed applications. Applying these and other DevOps principles can have a big impact on creating an environment that is resilient and secure. Specifically, this paper clearly explains how to address security concerns in the early stages of the development lifecycle and leverage that knowledge throughout the SDLC.

show abstract

Implementing DevOps practices in highly regulated environments

Morales

Yaşar

Volkman

2018

View full text Add to dashboard Cite

Cerebro: A platform for collaborative incident response and investigation

Connell

Palko

Yaşar

2013

View full text Add to dashboard Cite

Today's incident response training, architectures, and methodologies are all built upon disconnected siloes of domain expertise, but attacks upon an organization's critical information systems are not done in a disjointed way. Attacks on critical information systems and infrastructure are not solely network, or malware, or single disks; they are coordinated, large-scale multisite attacks done in an organized manner. With the increase in frequency and sophistication of these attacks, it is not enough to rely on intrusion detection systems, trusted IT staff, or organizational information security divisions. The velocity of a cyber attack should be met with an equally coordinated response. There is a need to develop a platform that enables responders to establish trust and develop an effective collaborative response plan and investigation process across multiple organizations and legal bodies to track adversaries, mitigate the threat, get critical systems back online, and pursue legal action against the offenders. In this work we propose such a platform for efficient collaboration. Our work is informed by our practices in supporting law enforcement organizations dealing with largescale distributed attacks on critical information systems and infrastructure and by an examination of Stuxnet, a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities. Based on these experiences of operational support, the authors propose Cerebro, an Extensible Large-Scale Analysis Platform designed to fuse structured domain specific information, decision support, and collaboration in an automated fashion, to effectively detect and respond to such attacks.

show abstract

Implementing Secure DevOps assessment for highly regulated environments

Yaşar

2017

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Hasan Yaşar

Where to Integrate Security Practices on DevOps Platform

Implementing DevOps practices in highly regulated environments

Cerebro: A platform for collaborative incident response and investigation

Implementing Secure DevOps assessment for highly regulated environments

Contact Info

Product

Resources

About