Automating and Scaling App Protection with Azure Devops

September 10, 2018 5433 Views Gabriel Torok

Prevention, detection, and response

Today, Microsoft announced Azure DevOps – Loosely, it is TFS and VSTS, with its services broken out into distinct components that can be used together or separately. The Azure DevOps services are Azure Boards, Azure Repos, Azure Pipelines, Azure Test Plans and Azure Artifacts. When Azure DevOps was VSTS and TFS, we supported integration with PreEmptive’s Dotfuscator. Today, none of that changes. As Azure DevOps evolves, we will continue to improve our integration, so that you can easily add multi-layered protection to your valuable apps.

In Mindset shift to a DevSecOps culture, Buck Hodges, Director of Engineering for Visual Studio Team Services, stressed the importance of both preventing breaches and “assuming breaches. ”In essence, prevention only gets you part of the way there. “Assuming a breach” allows for effective incident detection, response and recovery process planning.

PreEmptive’s protection tools (Dotfuscator and DashO) easily integrate with your Azure DevOps process, hardening your applications by injecting controls such as:

Anti-Reverse Engineering
Anti-Tampering
Anti-Inspection
Anti-Compromised Device

Hardened applications can respond to attacks by executing standard or customized behaviors. For example, an application could simply exit, or it could send security related messages to an Azure analytics platform such as Visual Studio App Center. In addition to helping satisfy PCI, NIST, and other guidelines, this strategy also lines up with the OWASP mobile recommendation to shut down an app running on a rooted device, to prevent compromise.

For sensitive or high value applications, organizations in virtually every industry are incorporating application hardening and obfuscation into their DevOps process. Along with using other application security practices this can create a DevSecOps process. I will have a future blog with more information on DevSecOps.

What now?

Learn more about securing and protecting your mobile, service, and desktop components with PreEmptive Protection and Azure DevOps, and get a free evaluation of application protection here.

In addition, a free tool called Dotfuscator Community is included in Visual Studio. It is easy to add to your Azure DevOps process via a free extension available here: https://marketplace.visualstudio.com/items?itemName=PreEmptiveSolutions.dotfuscator-ce-vsts

PreEmptive Solutions is committed to deepening and broadening its integration into Azure DevOps alongside other Azure DevOps partners such as Mobilize and Progress.

To learn more about #AzureDevOps see https://aka.ms/azurevsts.

Latest Blog Posts

Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

It’s official. COVID-19, more commonly known as the Coronavirus, has been declared a global pandemic by the World Health Organization (WHO) with hundreds of thousands of cases worldwide. In the United States, restrictions are ramping up as case numbers soar — New York governor Andrew Cuomo has ordered all nonessential workers to stay home, and my own state’s governor Mike DeWine has issued a statewide shelter-in-place order.

Along with disruptions to daily life, the expanding impact of COVID-19 has forced businesses to rapidly pivot and adopt remote-work models — even if they have no experience with mobile connections and on-demand collaboration. The result is a surge in remote everything, from team chats to primary school education to project management and even healthcare delivery. See my previous blog on our customer commitment during the age of Coronavirus.

And while efforts to bridge the digital divide are having a positive impact for both workplace productivity and the mental health of those in isolation, there’s a potential pitfall: Cybersecurity. As noted by CNBC, there’s already been a significant uptick in scam and phishing emails — but what happens if malicious actors breach critical apps and services?

At PreEmptive, we’re closely following the evolving Coronavirus (COVID-19) public health emergency, and our thoughts are with those affected and their families during this difficult time.

We are taking precautionary steps to continue normal operations without affecting our customers. At the same time, ensuring the health and safety of our customers, partners, and employees is our highest priority.

We have provided application protection software to the world's top organizations for more than 20 years. Although, this case is somewhat unique, it is not the first time we have been confronted with economic disruptions and uncertainties. Prior critical lessons have helped shape us into the company we are today: a robust organization with layers of contingency plans in place, a strong balance sheet, and an experienced team that values long-term relationships with our customers and partners above all else.

Evolving Hazards, Emerging Hope and the Expanding Human Element

The theme at the RSA conference this year is the “Human Element” — the critical role of individuals in the efficacy of organizational security measures. Along with sessions about the hazards of IT complexity and the hope of ethical AI, the expanding impact of COVID-19 concerns offered a real-world example of human elements at work, highlighting how IT staff can both help — and hamper — the effectiveness of infosec efforts.

Here’s a look back on some of my biggest takeaways from RSA 2020.

Unlike Y2K, 2020 was not preceded by waves of doomsday predictions, hype and frenetic IT overhauls. Developers are still under pressure to produce more, in less time, and at a lower cost, enterprises are as committed to their love/hate relationship with software as ever, and app users still expect perfection.

…but don’t let the usual crush of work and expectations lull you into a sense that it’s just the same old sprint to the next development project. Recent enforcement precedents, regulatory milestones and standards updates strongly suggest that 2020 app development and app security requirements will be anything but “business as usual.”

PreEmptive is dedicated to protecting your apps, wherever and however they are built. Our recent release of the Dotfuscator 6.0 beta adds cross-platform support, allowing you to protect your application on other platforms besides Windows. This allows for intuitive integration into Xamarin.iOS projects on macOS.

In this blog post, we'll go through the steps required to bring this functionality to your existing Azure DevOps Pipelines and AppCenter builds.

Automating and Scaling App Protection with Azure Devops

Prevention, detection, and response

Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

Our Commitment to Customers During the COVID-19 Outbreak

RSA 2020 San Francisco Recap

Evolving Hazards, Emerging Hope and the Expanding Human Element

App Security: It’s a New Year! What’s New About It?

Building on a Mac with Dotfuscator 6 in Azure DevOps

Latest Blog Posts

Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

Our Commitment to Customers During the COVID-19 Outbreak

RSA 2020 San Francisco Recap

App Security: It’s a New Year! What’s New About It?

Building on a Mac with Dotfuscator 6 in Azure DevOps

Twitter