Security Scanning in Non-Standard Applications: Creating Macros

February 23, 2017 / No Comments

DISCLAIMER: Only perform security testing on applications for which you have explicit permission to do so. Also, this post shows features for Burp Suite Professional. Specifically, the macros and scanning are not available without a license. In the previous blog post, I detailed configuring Burp Suite for usage in security testing. Please reference the material in […]


2017 Q1 SecureCI™ Release

February 21, 2017 / No Comments

I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]


Running Selenium Tests Through ZAP

February 16, 2017 / No Comments

Many organizations we work with have some understanding of front-end testing using tools like Selenium. However, they struggle to prioritize, understand or properly implement security scanning in their Agile/DevOps Development process. One of the easiest ways to implement security testing with little to no additional effort is to use OWASP Zed Attack Proxy in conjunction […]


Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries

February 13, 2017 / No Comments

For a variety of reasons, a lot of companies are moving to an Agile, DevOps Culture, Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications and in order to ensure security, these […]


Automation of Transferring Files from a Windows Server

February 9, 2017 / No Comments

I was recently on a project which required my team and me to implement a comprehensive backup scheme involving an AWS (Amazon Web Services) Windows 2012 R2 server. Critical data stored on this server had to be available at all times. My team and I decided to approach the backup task by creating snapshots of […]


Using Docker to Increase Confidence in Your Products and Deployments

February 6, 2017 / No Comments

Hey DevOps Engineers, Docker is ready! I started getting into Docker just under a year ago. It obviously had promise, but I couldn’t find many people using it successfully. Since then Docker has matured, and I’ve been recommending it to everyone doing CI/CD web-services. When the IT services industry first went to the dynamic virtual […]


Security Scanning in non-Standard Applications with Burp Macros: Setup

January 31, 2017 / No Comments

DISCLAIMER: Only perform security testing on applications for which you have explicit permission to do so. Also, this post shows features for Burp Suite Professional, as Macros and scanning are not available without a license. Identifying the Target: Many web applications are unique and apply complexity which defeats basic security scanning. This can come in the […]


Hotfixes within DevOps Pipelines

January 19, 2017 / No Comments

I recently wrote several blog posts about setting up a DevOps pipeline, and it was working great for our code. However, recently, I ran into an issue. My perfectly written and tested code somehow introduced a bug into our production environment! Luckily, we caught this issue quickly, and it was a relatively easy fix. So, I fixed the code, […]


Using JRebel to Improve Developer Productivity

December 21, 2016 / No Comments

On our current project, we are using a JBoss application server to host the services that the application needs to function. This application server takes about 1.5 minutes to start. This means that after a developer makes a change to the code, they must wait at least this long (in addition to the amount of […]


New and Improved QuickBooks Architecture

December 20, 2016 / No Comments

Here at Coveros, our accountants were facing significant issues with QuickBooks Premier Professional Services 2015. The initial login process was painfully slow, often taking up to twenty minutes to get a stable login. The software often struggled while switching between single-user mode and multi-user mode (which was done to allow multiple users to access the […]


AWS and Synology FTP

December 15, 2016 / No Comments

In the last project I was involved in, I needed to establish a connection between a Windows Server 2012 instance in Amazon Web Services (AWS) and a physical Synology network-attached storage (NAS). The challenge was that the NAS was located at a remote site and was behind a router. I needed to do this in […]


Hippocratic Oath of Software: Don’t Make It Worse!

December 14, 2016 / No Comments

Some of you may be familiar with the Hippocratic Oath common in the medical field, often paraphrased as “Do no harm.” In a light-hearted casual conversation with a colleague the other day, I realized that we need a similar oath in the field of software development: “Don’t make it worse.”
