Why Software Testing is Key to DevOps
Testing

One of the major reasons organizations adopt DevOps practices is to accelerate delivery of software to production. This includes deploying more frequently and reducing lead time. However, many organizations fail to include quality components in their practices. This leads to organizations delivering code faster, but unfortunately, that code is just poor. Continuous deployment without quality […]

Read more
DevSecOps: Incorporate Security into DevOps to Reduce Software Risk
Security

By now, most organizations have heard of DevOps, and many have begun to adopt DevOps practices as a key enabler of software delivery. Organizations that employ an agile approach find DevOps practices a natural extension, and DevOps truly enables agile practices to flourish. Organizations typically start with implementing continuous integration, test-driven development, and test automation […]

Read more
DevSecOps: The Solution to the Equifax Problem
Credit Card

By now, most Americans have heard of the breach of over 143 million (and counting) U.S. consumer’s financial data to hackers earlier this month.  A well-published vulnerability in Apache Struts (CVE-2017-5638) was not patched for months in Equifax applications.  This vulnerability was readily available to hackers and exploited against critical systems holding data such as […]

Read more
DevSecOps Means More than Just Automation, It’s a Mindset
Security

When people think of DevSecOps the first thing that comes to mind is automation. A strong DevSecOps environment should employ tools that automate the following: Continuous Integration, Continuous Delivery, Continuous Testing, Continuous Deployment, and Continuous Monitoring. While automation is certainly important, it’s just as important (if not more important) to build the mindset that “everyone […]

Read more
Make Your Security Testing More Agile
Security

For decades, software security organizations and those that assure security have built processes and procedures around waterfall software development practices. This has often led to security testing being “bolted on” at the end of the process. In addition, many organizations have seen the rise of mindless information security assurance, whereby engineers avoid assessing, understanding, or […]

Read more
TechWell Announces Coveros CEO Jeffery Payne as AgileConnection Technical Editor
Jeff Payne Training

Jacksonville, FL (May 26, 2017) — TechWell Corporation, an industry leader in software improvement conferences, training, and online communities, has announced that Jeffery Payne will be the new technical editor of the AgileConnection online community. AgileConnection is growing in popularity and in members as one of the largest online sources for articles, interviews, and a […]

Read more
Scripting with OWASP ZAP
Security

So you’ve got a great DevOps pipeline that builds, tests and deploys your application. You might still be running manual security scans for vulnerabilities or you could be passively scanning with OWASP ZAP as your functional tests run. Here are some ways you can automate OWASP ZAP to actively scan your entire application for vulnerabilities. […]

Read more
Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries

This is part 2 of my blog series about Nexus Lifecycle. If you missed my first part you can find by clicking this link. Here I will talk about how to properly roll out Nexus Lifecycle in an Enterprise Environment based on a past experience. The first thing you need to do is to make […]

Read more
3 Essential Components to Building a Security Testing Practice

Nearly every organization dreads the “S-word,” but security should be something we embrace early instead of avoiding until the last minute. It’s strange that we would delay something that could derail our entire application release to the very end when we know we will have no time to address it. Fear of the unknown and fear of failure are […]

Read more
Security Scanning in Non-Standard Applications with Burp Macros: Performing the Scan
Burp Suite

DISCLAIMER: Only perform security testing on applications which you have explicit permission to do so. Also, this post shows features for Burp Suite Professional, as the Macros and scanning features are not available without a license. In the previous blog post, I detailed configuring Burp Suite for usage in security testing. Please reference the material […]

Read more
X