Whether you’re setting up a VPN server or establishing SSL certificates for your internal websites, there are a lot of reasons to consider setting up your own certificate authority (CA) for your organization. On my current project, we ran into the former situation and quickly realized the widely recommended default of setting up a separate […]
Ransomware has become a sufficient threat to warrant a public alert by the US-CERT in March 2016, with an update posted in July 2016. Ransomware is a virus that partially or entirely encrypts a hard drive. The encryption key is then sold to the owner to allow the data to be recovered. One branch of […]
I recently needed to setup OpenLDAP for a client. We setup an entire pipeline, similar to SecureCI and wanted to tie all of the tools into one login system. The installation was pretty straitforward, but we wanted to ensure our tooling stack was secured, so we moved a bit beyond the basics. This is all […]
Disclaimer: I have no intention of detailing how the box was exploited, with a map of how to break this system again. I intend to show the methods used to discover and trace the breach throughout the server. Welcome to part 2 of 3 of my Forensics Analysis blog. At this point in […]
I have now twice spent multiple days trying to get a Gitblit server to communicate with a Jenkins server over SSH. This was done as part of ongoing work to update the Coveros SecureCI product with the goal of properly configuring both tools and a self-signed certificate to enable Gitblit’s post-commit jenkins hook to trigger builds. Given that […]
Disclaimer: I have no intention of detailing how the box was exploited, with a map of how to break this system again. I intend to show the methods used to discover and trace the breach throughout the server. Welcome to part 1 of 3 of my Forensics Analysis blog. At some point in the […]
OWASP Zed Attack Proxy (ZAP) is one of my favorite tools for scanning and performing vulnerability tests on a web application. It has a simple GUI to get started, with a large capability for customization to tailor scans as needed. Recently, I was faced with a problem to login and then scan the authenticated segments of […]
On my last two posts I went through setting up CI for your PHP project. While I promised this post would cover setting up CD for your pipeline, I realized that I left out a fairly useful (but in my mind unique) part of the process. Our PHP application is using Laravel as the back […]
Last month I started writing about the DevOps pipeline that I built out for a PHP project. Today I plan on filling it out a bit more. What I described last week is what many people consider a full CI Pipeline, executing unit tests, code coverage, and static analysis. I threw in a little more […]
I recently was put on a project where we are doing development for a website. There was already a large code, and we went in to add features in order to complete the site, and perform code refactoring when necessary. In order to accomplish this successfully, we decided to follow the SecureAgileTM, which involves ensuring […]
