Security Scanning in Non-Standard Applications with Burp Macros: Performing the Scan
Burp Suite

DISCLAIMER: Only perform security testing on applications you have explicit permission to test. Also, this post shows features of Burp Suite Professional, as the Macros and scanning features are not available without a license. In the previous blog post, I detailed configuring Burp Suite for use in security testing. Please reference the material […]

Getting Up and Running with Sonatype Lifecycle

It has become standard practice for modern software development organizations to integrate open source components into their products, as it enables them to leverage existing solutions and technologies, thereby avoiding the need to reinvent the wheel. In fact, open source repositories like Maven Central are reporting record increases in downloads annually (30 Billion in 2015, […]

2017 Q1 SecureCI™ Release
Security

I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries
Sonatype Lifecycle

For a variety of reasons, a lot of companies are moving to an Agile, DevOps Culture, Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications and in order to ensure security, these […]

Security Scanning in Non-Standard Applications with Burp Macros: Setup
Security

DISCLAIMER: Only perform security testing on applications you have explicit permission to test. Also, this post shows features of Burp Suite Professional, as Macros and scanning are not available without a license. Identifying the Target Many web applications are unique and apply complexity which defeats basic security scanning. This can come in the […]

Creating ‘QA Friendly’ Machines in a Dynamic Environment

I’m currently working on a DevOps project, heavily centered around AWS GovCloud. It’s important to point out I’m working in GovCloud, as opposed to AWS, as this means several key tools are missing. My colleague, Alan Crouch, recently pointed out how NAT Gateways are missing from the offered infrastructure. Another tool we found missing was Route 53, […]

DevOps in a Regulated and Embedded Environment: Git Flow in a Regulated World

Welcome to the second post in my series, “DevOps in a Regulated and Embedded Environment”. In this part, we’ll take a look at how a normal git workflow needs to adapt in a regulatory environment, and how tooling can support the necessary changes. Namely, regulation may stop the development team from releasing a planned feature, […]

Running Selenium Tests with Maven

One of the most important things in software testing is integrating tests with the build tool that your project uses. Developers need to be able to run your tests easily, otherwise, they’re probably not going to run them. Another reason for integrating tests is that it encourages clearly defining your project’s build process. In the case […]

Setting up OpenLDAP

I recently needed to set up OpenLDAP for a client. We set up an entire pipeline, similar to SecureCI, and wanted to tie all of the tools into one login system. The installation was pretty straightforward, but we wanted to ensure our tooling stack was secured, so we moved a bit beyond the basics. This is all […]
