Blogs

Automated Test Case Best Practices

March 27, 2017

I frequently talk about best practices when writing test cases in the Mobile Application Testing Course that I teach. I recently ran into an issue on a project and figured it was worth throwing this information out for all to share. Test cases are great; obviously, they’re important to have, whether they’re automated or manual, as […]

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries

March 23, 2017

This is part 2 of my blog series about Nexus Lifecycle. If you missed my first part, you can find it by clicking this link. Here I will talk about how to properly roll out Nexus Lifecycle in an Enterprise Environment based on a past experience. The first thing you need to do is to make […]

3 Essential Components to Building a Security Testing Practice

March 20, 2017

Nearly every organization dreads the “S-word,” but security should be something we embrace early instead of avoiding until the last minute. It’s strange that we would delay something that could derail our entire application release to the very end when we know we will have no time to address it. Fear of the unknown and fear of failure are […]

Integrating Test Automation with DevOps to Create a Continuous Testing Environment

March 16, 2017

When I attended STARWEST in Anaheim in October 2016, I had the opportunity to sit down for an interview with Jennifer Bonine, VP, Global Delivery and Solutions at tap|QA LLC. In the interview, Jennifer and I discussed how to integrate test automation with DevOps to create a continuous testing environment. Jennifer Bonine: Hello, and welcome […]

Security Scanning in Non-Standard Applications with Burp Macros: Performing the Scan

March 13, 2017

DISCLAIMER: Only perform security testing on applications for which you have explicit permission to do so. Also, this post shows features for Burp Suite Professional, as the Macros and scanning features are not available without a license. In the previous blog post, I detailed configuring Burp Suite for usage in security testing. Please reference the material […]

Testing Faster, Better, and Cheaper with Continuous Delivery

March 9, 2017

When I attended STARWEST in Anaheim in October 2016, I had the opportunity to sit down for an interview with Jennifer Bonine, VP, Global Delivery and Solutions at tap|QA LLC. In the interview, Jennifer and I discussed how and why companies should be testing with continuous delivery. Jennifer Bonine: Hi, and welcome back to the […]

Docker Containers as Continuous Integration Artifacts

March 2, 2017

Last month, I discussed using Docker containers because they increase confidence in our deployed infrastructure. Now that we’ve decided to use this new tool, we need to learn how to use it well. After spending some more time with containers, I’d like to dive deeper into their benefits and the process of building (and rebuilding […]

Getting Up and Running with Sonatype Lifecycle

February 28, 2017

It has become standard practice for modern software development organizations to integrate open source components into their products, as it enables them to leverage existing solutions and technologies, thereby avoiding the need to reinvent the wheel. In fact, open source repositories like Maven Central are reporting record increases in downloads annually (30 Billion in 2015, […]

Security Scanning in Non-Standard Applications: Creating Macros

February 23, 2017

DISCLAIMER: Only perform security testing on applications for which you have explicit permission to do so. Also, this post shows features for Burp Suite Professional. Specifically, the macros and scanning are not available without a license. In the previous blog post, I detailed configuring Burp Suite for usage in security testing. Please reference the material in […]

2017 Q1 SecureCI™ Release

February 21, 2017

I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]

Running Selenium Tests Through ZAP

February 16, 2017

Many organizations we work with have some understanding of front-end testing using tools like Selenium. However, they struggle to prioritize, understand or properly implement security scanning in their Agile/DevOps Development process. One of the easiest ways to implement security testing with little to no additional effort is to use OWASP Zed Attack Proxy in conjunction […]

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries

February 13, 2017

For a variety of reasons, a lot of companies are moving to an Agile, DevOps Culture, Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications and in order to ensure security, these […]
