Setting up your ‘Black Box of Privacy’

In a previous post I outlined a bunch of ideas for keeping your internet usage private. Towards the end of the post, I indicated that I would provide follow-ups for setting up the configurations outlined. Well, this is the first of those posts. There were three examples that I had saved for working through. Each […]

Scripting with OWASP ZAP
Security

So you’ve got a great DevOps pipeline that builds, tests and deploys your application. You might still be running manual security scans for vulnerabilities or you could be passively scanning with OWASP ZAP as your functional tests run. Here are some ways you can automate OWASP ZAP to actively scan your entire application for vulnerabilities. […]

Automating ZAP through Gauntlt — A DevOps Solution
DevOps

Rugged DevOps, or DevSecOps, is a method for developing software that has gained much traction in recent years. However, the security tools and practices may not merge well with automation. This produces bottlenecks or delays security processes until time-consuming manual tests at the end of a release cycle. Such delays in security testing greatly increase […]

Some Ansible Examples
Ansible

When going to a new environment, it would be nice if someone had already thought out the networking and authentication needs. It would be nice if we had a sane DNS solution and a good LDAP server. Regrettably, life in operations is not always that nice. We are frequently asked to quickly set up a […]

Building and Testing Secure Mobile Apps
Mobile Security

Mobile application development has been on the rise lately because of the convenience mobile apps have to offer. Despite the occurrence of security breaches performed on mobile devices recently, security testing is not as emphasized as other forms of quality testing measures such as user acceptance or functional testing. Just last year, hackers in China […]

Integrating Sonatype LifeCycle with Eclipse
Sonatype Lifecycle

In my previous post, I covered the initial installation of Sonatype LifeCycle (aka IQ Server). In this post, I will show you how to integrate it into Eclipse IDE, but first a quick background on the benefits of this integration and the value it adds to your software development process. As I mentioned previously, IQ […]

Create FreeIPA Users Script

On my current project, my team is using FreeIPA to implement Single Sign-On (SSO) for all the employees at Coveros. FreeIPA is an open-source security solution for the Linux operating system which provides account management and centralized authentication, similar to Microsoft’s Active Directory. It is built on top of multiple open source projects such as […]

How to Use Ansible-Container to Build a Docker Container
Container

Last month I talked about the need for Docker-aware configuration management (CM) tools to effectively build and test containers in a CI/CD pipeline. The goal is to not install any extra tooling inside of the docker container that gets published for production use; not sshd, nor any CM tooling. This technical post documents the major […]

Finicity API Review
Finicity API

Background: Finance and accounting are only two of a great number of fields that are increasingly dependent on the Internet. The idea of using the web to do personal finance emerged a few years back. Tools like Quicken and Mint allow the end-users to simply link their bank accounts and pull transactions from those accounts, which […]
