Building and Testing Secure Mobile Apps
Mobile Security

Mobile application development has been on the rise lately because of the convenience mobile apps offer. Despite recent security breaches on mobile devices, security testing is not as emphasized as other quality testing measures such as user acceptance or functional testing. Just last year, hackers in China […]

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries

This is part 2 of my blog series about Nexus Lifecycle. If you missed the first part, you can find it by clicking this link. Here I will talk about how to properly roll out Nexus Lifecycle in an enterprise environment based on past experience. The first thing you need to do is to make […]

3 Essential Components to Building a Security Testing Practice

Nearly every organization dreads the “S-word,” but security should be something we embrace early instead of avoiding until the last minute. It’s strange that we would delay something that could derail our entire application release to the very end when we know we will have no time to address it. Fear of the unknown and fear of failure are […]

Security Scanning in Non-Standard Applications with Burp Macros: Performing the Scan
Burp Suite

DISCLAIMER: Only perform security testing on applications for which you have explicit permission to do so. Also, this post shows features of Burp Suite Professional, as the macros and scanning features are not available without a license. In the previous blog post, I detailed configuring Burp Suite for use in security testing. Please reference the material […]

Getting Up and Running with Sonatype Lifecycle

It has become standard practice for modern software development organizations to integrate open source components into their products, as it enables them to leverage existing solutions and technologies, thereby avoiding the need to reinvent the wheel. In fact, open source repositories like Maven Central are reporting record increases in downloads annually (30 Billion in 2015, […]

Security Scanning in Non-Standard Applications: Creating Macros
Security Scanning

DISCLAIMER: Only perform security testing on applications for which you have explicit permission to do so. Also, this post shows features of Burp Suite Professional; specifically, the macros and scanning are not available without a license. In the previous blog post, I detailed configuring Burp Suite for use in security testing. Please reference the material in […]

2017 Q1 SecureCI™ Release
Security

I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]

Running Selenium Tests Through ZAP
Security

Many organizations we work with have some understanding of front-end testing using tools like Selenium. However, they struggle to prioritize, understand, or properly implement security scanning in their Agile/DevOps development process. One of the easiest ways to implement security testing with little to no additional effort is to use OWASP Zed Attack Proxy in conjunction […]
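The wiring the excerpt above alludes to, as an added example that is not code from the post or from the ZAP project: the existing Selenium test is pointed at ZAP as its HTTP proxy, so every request the browser makes is passively scanned, and after the test run the ZAP JSON API is queried and the build is failed if any alert meets a risk threshold. The ZAP address 127.0.0.1:8080, the `ZAP_API_KEY` environment variable, the target `http://localhost:3000`, and the exact shape of the sample alert records are assumptions; `core/view/alerts` is ZAP's real alerts endpoint, but the sample data below is constructed, not a real scan result.

```python
"""Run a Selenium test through OWASP ZAP and gate the build on ZAP alerts.

Added example, not code from the original post. Assumes ZAP is running as an
intercepting proxy on 127.0.0.1:8080 with an API key in ZAP_API_KEY, and that
the application under test is at http://localhost:3000 (all hypothetical).
"""
import json
import os
import urllib.parse
import urllib.request

ZAP_HOST = "127.0.0.1"            # assumed ZAP proxy address
ZAP_PORT = 8080
ZAP_API_KEY = os.environ.get("ZAP_API_KEY", "changeme")  # assumed key source
TARGET = "http://localhost:3000"  # assumed application under test

# ZAP's four risk levels, ordered so a threshold comparison is a simple int compare.
RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}


def chrome_proxy_args(host=ZAP_HOST, port=ZAP_PORT):
    """Chrome command-line flags that route every browser request through ZAP.

    ZAP terminates and re-signs TLS with its own root CA, so certificate errors
    must be ignored unless that CA is installed in the test browser profile.
    """
    return [
        f"--proxy-server=http://{host}:{port}",
        "--ignore-certificate-errors",
    ]


def run_selenium_through_zap():
    """Drive the existing functional test with traffic proxied through ZAP.

    Needs selenium and Chrome installed; imported lazily so the module stays
    importable (and the alert-gating functions usable) without them.
    """
    from selenium import webdriver

    options = webdriver.ChromeOptions()
    for arg in chrome_proxy_args():
        options.add_argument(arg)
    driver = webdriver.Chrome(options=options)
    try:
        driver.get(TARGET + "/login")
        # The existing Selenium steps go here unchanged; ZAP's passive scanner
        # now sees every request and response the test generates.
    finally:
        driver.quit()


def fetch_zap_alerts(baseurl=TARGET):
    """Pull the alerts ZAP raised for baseurl via its JSON API."""
    query = urllib.parse.urlencode({"baseurl": baseurl, "apikey": ZAP_API_KEY})
    url = f"http://{ZAP_HOST}:{ZAP_PORT}/JSON/core/view/alerts/?{query}"
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)["alerts"]


def alerts_at_or_above(alerts, threshold="High"):
    """Return alerts whose risk is at least threshold, highest risk first."""
    floor = RISK_ORDER[threshold]
    hits = [a for a in alerts if RISK_ORDER.get(a.get("risk"), 0) >= floor]
    return sorted(hits, key=lambda a: RISK_ORDER[a["risk"]], reverse=True)


def build_should_fail(alerts, threshold="High"):
    """True if any alert meets the threshold; used as the CI gate."""
    return bool(alerts_at_or_above(alerts, threshold))


# Constructed sample shaped like entries of a ZAP alerts response (not real scan output).
SAMPLE_ALERTS = [
    {"risk": "Low", "alert": "X-Content-Type-Options Header Missing", "url": TARGET + "/"},
    {"risk": "High", "alert": "SQL Injection", "url": TARGET + "/login"},
    {"risk": "Medium", "alert": "Absence of Anti-CSRF Tokens", "url": TARGET + "/login"},
]

if __name__ == "__main__":
    run_selenium_through_zap()
    alerts = fetch_zap_alerts()
    for a in alerts_at_or_above(alerts, "Medium"):
        print(f"{a['risk']:<7} {a['alert']} ({a['url']})")
    raise SystemExit(1 if build_should_fail(alerts) else 0)
```

Run it as the last step of the CI job that already runs the Selenium suite; the exit code is what fails the pipeline. Start with a High threshold so the gate does not block on the header-hygiene findings ZAP raises for almost every site, then tighten it once those are cleaned up.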

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries
Sonatype Lifecycle

For a variety of reasons, a lot of companies are moving to an Agile, DevOps culture and a Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications, and in order to ensure security, these […]

Security Scanning in Non-Standard Applications with Burp Macros: Setup
Security

DISCLAIMER: Only perform security testing on applications for which you have explicit permission to do so. Also, this post shows features of Burp Suite Professional, as macros and scanning are not available without a license. Identifying the Target Many web applications are unique and add complexity that defeats basic security scanning. This can come in the […]
