Cucumber-JVM Setup
Cucumber

Introduction As a software tester with Java experience, generally working with Java applications, the release of the cucumber-jvm really excited me. I have been thinking about trying out Behavioral Driven Development for some time, and this tool (along with a new project) finally gave me the push I needed to try it out. I find […]

Using Sequences of System Events to Identify Users

In my last post on the Active Authentication project I described how to use Microsoft Detours to collect a trace of system calls (also known as system events) for a single process.  At Coveros Labs we leveraged an example program provided with Detours in order to create our own prototype system that validates the identity of a […]

Integrating CAT.NET into Hudson for Continuous Security Analysis

I recently published an article about using CAT.NET security scanner on your .NET web application. Once you get it running, it’s fairly simple to integrate it into your continuous integration process. Our strategy here will be to use a down-stream job in Hudson to run static security analysis on our application build after the main compilation/packaging […]

Teaching Firefox to use a CAC

Some of the sites I use require a CAC smart card to establish SSL access. (Forge.mil is an example of this.) Chrome and IE (shudder) are both smart enough to use a smart card for certificates out of the box on Windows. Unfortunately, Firefox doesn’t seem to be set up to do it without some […]

Setting start up position for Windows RDP Windows

I have an annoying situation where I create RDP windows and they seem to always start the same (but wrong) size. For example, one of my sessions starts “maximized” but only 1280×1024 sized so it ends up having scrollbars inside my 1920×1200 monitor. I then have to de-maximize it, move the window somewhere, and drag […]

Subversion load and performance testing in 10 lines or less?

I needed a quantifiable test that can measure svn performance during a check out. This script takes 2 arguments, number of checkouts and parallelism. For example, if I want to run 100 checkouts 2 at a time ./load.sh 100 2 or 100 checkouts 50 at a time ./load.sh 100 50   #!/bin/bash i=0;  url="http://mysvnrepo" while [ $i -lt $1 ]; […]

Monitoring System Calls for Active Authentication with Detours

Coveros Labs recently received funding from the Defense Advanced Research Projects Agency (DARPA) through the Active Authentication program.  The goal of this program is to develop “novel ways of validating the identity of [a] person … that focus on the unique aspects of the individual through the use of software-based biometrics.” Traditional authentication techniques require […]

Using CAT.NET security scanner on your .NET web application

Inspecting source code for security vulnerabilities is an important part of any secure development process. While this can be done manually, it’s much easier to start with a static analysis tool that can scan code for known vulnerabilities. Statistics out there claim anywhere from 30-50% of coding vulnerabilities can be found with a code scanner. For .NET […]
