Security Testing: OWASP ZAP (Zed Attack Proxy)

As part of my ongoing collection of reviews and thoughts on today’s Security Testing Tools, I’m taking a look at the Zed Attack Proxy (ZAP) by OWASP.  While, my last review of WebSecurify, looked at a very simplistic tool for Web Application Security Testing, this review will bring us a slightly more complex tool.   So where […]

Read more
Integrating CAT.NET into Hudson for Continuous Security Analysis

I recently published an article about using CAT.NET security scanner on your .NET web application. Once you get it running, it’s fairly simple to integrate it into your continuous integration process. Our strategy here will be to use a down-stream job in Hudson to run static security analysis on our application build after the main compilation/packaging […]

Read more
Subversion load and performance testing in 10 lines or less?

I needed a quantifiable test that can measure svn performance during a check out. This script take 2 arguments, number of checkouts and parallelism. For example, if I want to run 100 checkout 2 at a time ./load.sh 100 2 or 100 checkouts 50 at a time ./load.sh 100 50 #!/bin/bash i=0;  url=”<a href=”http://mysvnrepo” while”>http://mysvnrepo” while</a> [ $i -lt $1 ]; do […]

Read more
Security Testing: Web Application Fuzz Testing

Fuzz testing or Fuzzing, a technique originated in 1988 by Professor Barton Miller at the University of Wisconsin, is a software testing technique where invalid, unexpected, and or random data is input into the system at various levels in an effort to uncover unexpected system behaviors and system failures including system crashes, failing code assertions, […]

Read more
Using CAT.NET security scanner on your .NET web application

Inspecting source code for security vulnerabilities is an important part in any secure development process. While this can be done manually, it’s much easier to start with a static analysis tool that can scan code for known vulnerabilities. Statistics out there claim anywhere from 30-50% of coding vulnerabilities can be found with a code scanner. For .NET […]

Read more
Security Testing: Web Application Testing with WebSecurify

One of the biggest trends in issues in web application testing today is Security Testing.  Most people know their web application is important for their business; no one wants a big security breach. With hackers becoming more and more sophisticated, and vulnerabilities becoming easier and easier to exploit the odds are not in your favor. […]

Read more
Running a free copy of SecureCI in the Amazon cloud

Coveros has been offering downloadable copies of our integrated SecureCI™ platform as a VMware™ virtual machine image for quite a while now. SecureCI is an integrated stack of tools that provides version control, wiki, project/issue management, and code analysis to enable the development of high quality, secure applications. For more information about the history of SecureCI, read Gene […]

Read more
SecureCI: Enforce Formatting On Your SVN Comments

Most of us like things done the right way and (more often than not) our way. Nothing can be more infuriating than looking through poorly documented logs or code, and trying to understand poor documentation and what it was meant to get across. During development we often look to setting up good coding practices that […]

Read more
SecureCI: Enforce Formatting On Your SVN Comments

The focus of continuous delivery isn’t just about being quicker when developing and deploying, but rather delivering business value continuously. And we only see business value from software when it is made available to end users. I heard a project lead explain that his team had a continuous delivery process. They used source control management […]

Read more
X