Problem with Default Validation While using Laravel to build a web application, I needed to perform custom validation on user input, such as a password parameter. By default, Laravel manages this through AJAX handled on the client side. However, I wanted a more robust solution. Also, helpful libraries, such as a check of whether an […]
It’s that time of year, new year, new SecureCI release! 2015 ended well, with Coveros releasing a much more robust version of SecureCI. Not too many new features, but lots of bug fixes and some major upgrades of the application. This release focused on updating core components to latest release versions, correcting critical defects, and […]
To summarize the 3 day B-SidesDC conference: Be Afraid. In all seriousness, there are many systems we use daily which are quite vulnerable. The solution is to be vigilant, know what to look for, and understand how to fix it. It is good to know that the industry mindset is migrating towards an “Assume Breach” […]
The software development IDE, JetBrains PhpStorm, is a versatile tool to incorporate into a DevOps pipeline. One useful method of expanding upon its native features is to add the SonarQube plugin to provide source code analysis. Step-by-step documentation is scattered or insufficient, so I have compiled an explanation of the process, with accompanying screenshots. This does […]
Here are some tips for keeping your OS environment secure, the DevOps way. Scanning Get your environment scanned early and often. And your first scan should happen even earlier. Nothing is worse than getting your first set of scan result back and realizing you have just been given 2 weeks worth of “surprise” work. Our […]
As I’m certain everyone is aware, a new version of SecureCI™ has been released! Many more tools have been included, and while the basic setup is the same, there is a bit more configuration that you’ll need to setup. My previous post of how to startup a new instance of SecureCI™ is still accurate, however […]
I am the black sheep of the company. Everything I run is Linux in some form or another except when required by a client. This includes my phone. When I first heard about Stagefright my heart sank, mostly for all the ribbing I would get for my co-workers, but also because my phone is rooted, more […]
\\This webinar was part of the Engineer Your DevOps Webinar Series, led by Coveros CEO Jeffery Payne and DevOps Practice Lead Rich Mills. The special guest was Glenn Buckholz, a Technical Lead on DevOps work at the Department of Homeland Security for Coveros. Glenn has worked with a wide range of federal and commercial customers […]
DevOps and Security have often been considered mutually exclusive. Both are imperative to developing high-quality applications, but continue to be seen as entirely separate processes. Tools that combine DevOps and Security tend to only integrate static security code analysis, and do so within the early stages of Continuous Integration. These scans are performed simultaneously, running […]
Dear Loyal Readers, Security, like safety, almost always makes your life harder. It is inefficient. Now, as I said before, I love Jenkins for scripting and organizing project operations and today I’d like to talk about a security feature that can help you have your cake and eat it too. The challenge for us is that […]
