Teaching Firefox to use a CAC

Some of the sites I use require a CAC smart card to establish SSL access. (Forge.mil is an example of this.) Chrome and IE (shudder) are both smart enough to use a smart card for certificates out of the box on Windows. Unfortunately, Firefox doesn’t seem to be set up to do it without some […]

Setting start up position for Windows RDP Windows

I have an annoying situation where I create RDP windows and they seem to always start the same (but wrong) size. For example, one of my sessions starts “maximized” but only 1280×1024 sized so it ends up having scrollbars inside my 1920×1200 monitor. I then have to de-maximize it, move the window somewhere, and drag […]

Scaling Agile isn’t such a Stretch

By Lisa Morgan. Reposted from SD Times. Being agile is more critical than ever as businesses compete for customers. The true level of agility can vary greatly from company to company, team to team, department to department and person to person. As organizations scale agile out from pilots and small groups to critical projects involving […]

Subversion load and performance testing in 10 lines or less?

I needed a quantifiable test that can measure svn performance during a check out. This script takes 2 arguments: the number of checkouts and the parallelism. For example, if I want to run 100 checkouts 2 at a time: ./load.sh 100 2, or 100 checkouts 50 at a time: ./load.sh 100 50. #!/bin/bash i=0; url="http://mysvnrepo" while [ $i -lt $1 ]; […]

Creating a WebGoat VM for Hacking Practice

According to its home on OWASP, “WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons.” (<https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project>) I find it particularly useful for (as it states) learning some good web hacking techniques, but also for demonstrating those techniques to other people who are trying to learn. My concern with WebGoat, however, […]

Security Testing: Web Application Fuzz Testing

Fuzz testing, or fuzzing, a technique originated in 1988 by Professor Barton Miller at the University of Wisconsin, is a software testing technique where invalid, unexpected, and/or random data is input into the system at various levels in an effort to uncover unexpected system behaviors and system failures including system crashes, failing code assertions, […]

Monitoring System Calls for Active Authentication with Detours

Coveros Labs recently received funding from the Defense Advanced Research Projects Agency (DARPA) through the Active Authentication program. The goal of this program is to develop “novel ways of validating the identity of [a] person … that focus on the unique aspects of the individual through the use of software-based biometrics.” Traditional authentication techniques require […]
