Creating a WebGoat VM for Hacking Practice

According to its home on OWASP, “WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons.” (<https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project>) I find it particularly useful for (as it states) learning some good web hacking techniques, but also for demonstrating those techniques to other people who are trying to learn. My concern with WebGoat, however, […]

Security Testing: Web Application Fuzz Testing

Fuzz testing, or fuzzing, a technique originated in 1988 by Professor Barton Miller at the University of Wisconsin, is a software testing technique where invalid, unexpected, and/or random data is input into the system at various levels in an effort to uncover unexpected system behaviors and system failures including system crashes, failing code assertions, […]

Monitoring System Calls for Active Authentication with Detours

Coveros Labs recently received funding from the Defense Advanced Research Projects Agency (DARPA) through the Active Authentication program. The goal of this program is to develop “novel ways of validating the identity of [a] person … that focus on the unique aspects of the individual through the use of software-based biometrics.” Traditional authentication techniques require […]

Using CAT.NET security scanner on your .NET web application

Inspecting source code for security vulnerabilities is an important part of any secure development process. While this can be done manually, it’s much easier to start with a static analysis tool that can scan code for known vulnerabilities. Statistics out there claim anywhere from 30-50% of coding vulnerabilities can be found with a code scanner. For .NET […]

Coveros Active Authentication Project Makes Headlines

From Nextgov.com: The military venture capital wing has tapped scientists to build computer systems that can detect intruders by picking out abnormal behavior from familiar patterns generated by authorized users. Defense Advanced Research Projects Agency has awarded a contract to security software developer Coveros to research methods to validate the identity of a computer user […]

DARPA Selects Coveros to Research Active Authentication Techniques

Research Will Protect Computer Systems from Unauthorized Use Coveros, Inc., the market leader in secure agile software development, today announced that the Defense Advanced Research Projects Agency (DARPA) has awarded the company a research contract to invent novel approaches for actively authenticating computer system users. This research aims to make it possible to detect, in […]

DARPA Selects Coveros to Research Active Authentication Techniques

DARPA Selects Coveros to Research Active Authentication Techniques Research Will Protect Computer Systems from Unauthorized Use Loudoun County, VA, July 19, 2012 — Coveros, Inc., the market leader in secure agile software development, today announced that the Defense Advanced Research Projects Agency (DARPA) has awarded the company a research contract to invent novel approaches for […]
