Automating and Scaling App Protection with Azure Devops

September 10, 2018 5988 Views Gabriel Torok

Prevention, detection, and response

Today, Microsoft announced Azure DevOps – Loosely, it is TFS and VSTS, with its services broken out into distinct components that can be used together or separately. The Azure DevOps services are Azure Boards, Azure Repos, Azure Pipelines, Azure Test Plans and Azure Artifacts. When Azure DevOps was VSTS and TFS, we supported integration with PreEmptive’s Dotfuscator. Today, none of that changes. As Azure DevOps evolves, we will continue to improve our integration, so that you can easily add multi-layered protection to your valuable apps.

In Mindset shift to a DevSecOps culture, Buck Hodges, Director of Engineering for Visual Studio Team Services, stressed the importance of both preventing breaches and “assuming breaches. ”In essence, prevention only gets you part of the way there. “Assuming a breach” allows for effective incident detection, response and recovery process planning.

PreEmptive’s protection tools (Dotfuscator and DashO) easily integrate with your Azure DevOps process, hardening your applications by injecting controls such as:

Anti-Reverse Engineering
Anti-Tampering
Anti-Inspection
Anti-Compromised Device

Hardened applications can respond to attacks by executing standard or customized behaviors. For example, an application could simply exit, or it could send security related messages to an Azure analytics platform such as Visual Studio App Center. In addition to helping satisfy PCI, NIST, and other guidelines, this strategy also lines up with the OWASP mobile recommendation to shut down an app running on a rooted device, to prevent compromise.

For sensitive or high value applications, organizations in virtually every industry are incorporating application hardening and obfuscation into their DevOps process. Along with using other application security practices this can create a DevSecOps process. I will have a future blog with more information on DevSecOps.

What now?

Learn more about securing and protecting your mobile, service, and desktop components with PreEmptive Protection and Azure DevOps, and get a free evaluation of application protection here.

In addition, a free tool called Dotfuscator Community is included in Visual Studio. It is easy to add to your Azure DevOps process via a free extension available here: https://marketplace.visualstudio.com/items?itemName=PreEmptiveSolutions.dotfuscator-ce-vsts

PreEmptive Solutions is committed to deepening and broadening its integration into Azure DevOps alongside other Azure DevOps partners such as Mobilize and Progress.

To learn more about #AzureDevOps see https://aka.ms/azurevsts.

Latest Blog Posts

No Contact Normal: Solving the Payment Security Gap

The coronavirus crisis is changing human behavior. From the persistent need for social distancing to the potentially permanent adoption of work-from-home mandates, the “new normal” is uncharted territory.

But the growing priority of public health also has knock-on effects in other fields, such as credit and debit payments. While the United Stated has historically lagged behind other countries such as Canada, the United Kingdom and Australia when it comes to the adoption of contactless card transactions, the demand for physical distance now trumps the functional familiarity of swipe-and-signature or chip-and-PIN interactions.

Facilitating “no contact normalcy”, the PCI Security Standards Council (PCI SSC) includes guidance for both commercial deployments and software applications to help solve potential payment security gaps. Here’s what you need to know.

Localization is often a key ingredient when building Xamarin Forms applications with a global audience. There are different ways to approach app localization, but most of these leverage the built-in tools provided by the .NET Framework. These include RESX files to configure localized strings and an auto-generated resource class which provides strongly-typed access to the string translation at runtime. This mechanism has been available since .NET 1.1, and is used for localization of WinForm, WPF, ASP.NET, and Xamarin applications.

In the months since we released the Dotfuscator 6 beta, we’ve been hard at work finishing the feature set, fixing issues, and putting on the final touches in preparation for the full release. Now, we are happy to announce the full availability of Dotfuscator 6!

It’s official. COVID-19, more commonly known as the Coronavirus, has been declared a global pandemic by the World Health Organization (WHO) with hundreds of thousands of cases worldwide. In the United States, restrictions are ramping up as case numbers soar — New York governor Andrew Cuomo has ordered all nonessential workers to stay home, and my own state’s governor Mike DeWine has issued a statewide shelter-in-place order.

Along with disruptions to daily life, the expanding impact of COVID-19 has forced businesses to rapidly pivot and adopt remote-work models — even if they have no experience with mobile connections and on-demand collaboration. The result is a surge in remote everything, from team chats to primary school education to project management and even healthcare delivery. See my previous blog on our customer commitment during the age of Coronavirus.

And while efforts to bridge the digital divide are having a positive impact for both workplace productivity and the mental health of those in isolation, there’s a potential pitfall: Cybersecurity. As noted by CNBC, there’s already been a significant uptick in scam and phishing emails — but what happens if malicious actors breach critical apps and services?

At PreEmptive, we’re closely following the evolving Coronavirus (COVID-19) public health emergency, and our thoughts are with those affected and their families during this difficult time.

We are taking precautionary steps to continue normal operations without affecting our customers. At the same time, ensuring the health and safety of our customers, partners, and employees is our highest priority.

We have provided application protection software to the world's top organizations for more than 20 years. Although, this case is somewhat unique, it is not the first time we have been confronted with economic disruptions and uncertainties. Prior critical lessons have helped shape us into the company we are today: a robust organization with layers of contingency plans in place, a strong balance sheet, and an experienced team that values long-term relationships with our customers and partners above all else.

Automating and Scaling App Protection with Azure Devops

Prevention, detection, and response

No Contact Normal: Solving the Payment Security Gap

Protecting Localized Xamarin Forms Applications

Dotfuscator 6: The Next Era of Dotfuscator

Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

Our Commitment to Customers During the COVID-19 Outbreak

Latest Blog Posts

No Contact Normal: Solving the Payment Security Gap

Protecting JavaScript Code: The Making of JSDefender

Protecting Localized Xamarin Forms Applications

Dotfuscator 6: The Next Era of Dotfuscator

Going the Distance — Remote Work and Effective Cybersecurity in the Age of Coronavirus

Twitter