DevSecOps Means More than Just Automation, It’s a Mindset
Security

When people think of DevSecOps the first thing that comes to mind is automation. A strong DevSecOps environment should employ tools that automate the following: Continuous Integration, Continuous Delivery, Continuous Testing, Continuous Deployment, and Continuous Monitoring. While automation is certainly important, it’s just as important (if not more important) to build the mindset that “everyone […]

Generate Parameter Values Dynamically in Jenkins
Single Sign On

I am currently working on implementing Single Sign-On (SSO) for the entire Coveros domain. This project required me to implement a process to add current Coveros employees into our FreeIPA server as well as account for any future employees that will be onboarded. In order to deal with this problem, a script was written which […]

Make Your Security Testing More Agile
Security

For decades, software security organizations and those that assure security have built processes and procedures around waterfall software development practices. This has often led to security testing being “bolted on” at the end of the process. In addition, many organizations have seen the rise of mindless information security assurance, whereby engineers avoid assessing, understanding, or […]

TechWell Announces Coveros CEO Jeffery Payne as AgileConnection Technical Editor
Jeff Payne Training

Jacksonville, FL (May 26, 2017) — TechWell Corporation, an industry leader in software improvement conferences, training, and online communities, has announced that Jeffery Payne will be the new technical editor of the AgileConnection online community. AgileConnection is growing in popularity and in members as one of the largest online sources for articles, interviews, and a […]

Setting up your ‘Black Box of Privacy’
Internet privacy

In a previous post I outlined a bunch of ideas for keeping your internet usage private. Towards the end of the post, I indicated that I would provide follow-ups for setting up the configurations outlined. Well, this is the first of those posts. There were three examples that I had saved for working through. Each […]

Scripting with OWASP ZAP
Security

So you’ve got a great DevOps pipeline that builds, tests and deploys your application. You might still be running manual security scans for vulnerabilities or you could be passively scanning with OWASP ZAP as your functional tests run. Here are some ways you can automate OWASP ZAP to actively scan your entire application for vulnerabilities. […]

Building and Testing Secure Mobile Apps
Mobile Security

Mobile application development has been on the rise lately because of the convenience mobile apps have to offer. Despite the occurrence of security breaches performed on mobile devices recently, security testing is not as emphasized as other forms of quality testing measures such as user acceptance or functional testing. Just last year, hackers in China […]

Staying Secure on the Internet

With the passing of S.J.Res.34 and H.J.Res.86, and now that the bill is signed, many people are panicking about their privacy. Now, I have read all sorts of things about changes we will or won’t see as a result of this bill, but either way, you should take this as a wake-up call. As we always see in the […]

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries

This is part 2 of my blog series about Nexus Lifecycle. If you missed my first part, you can find it by clicking this link. Here I will talk about how to properly roll out Nexus Lifecycle in an Enterprise Environment based on a past experience. The first thing you need to do is to make […]
