DevSecOps: The Solution to the Equifax Problem

By now, most Americans have heard of the breach of over 143 million (and counting) U.S. consumers’ financial data to hackers earlier this month. A well-published vulnerability in Apache Struts (CVE-2017-5638) was not patched for months in Equifax applications. This vulnerability was readily available to hackers and exploited against critical systems holding data such as […]

Setting up your ‘Black Box of Privacy’

In a previous post I outlined a bunch of ideas for keeping your internet usage private. Towards the end of the post, I indicated that I would provide follow-ups for setting up the configurations outlined. Well, this is the first of those posts. There were three examples that I had saved for working through. Each […]

Building and Testing Secure Mobile Apps
Mobile Security

Mobile application development has been on the rise lately because of the convenience mobile apps have to offer. Despite the occurrence of security breaches performed on mobile devices recently, security testing is not as emphasized as other forms of quality testing measures such as user acceptance or functional testing. Just last year, hackers in China […]

3 Essential Components to Building a Security Testing Practice

Nearly every organization dreads the “S-word,” but security should be something we embrace early instead of avoiding until the last minute. It’s strange that we would delay something that could derail our entire application release to the very end when we know we will have no time to address it. Fear of the unknown and fear of failure are […]

Analyzing Data On Android Devices

Introduction I just finished giving my talk at StarEast about testing on a rooted device, and it went wonderfully. The room wasn’t packed, but the people who were there were the correct people…and that is what I really care about. We covered a good overview of what elevated privileges means for each device, discussed multiple […]

Testing On A Rooted Device

Introduction TechWell’s STAREAST is just 2 weeks away. Among other things, I’ll be talking about testing on a rooted device, specifically, what are the benefits, and what are some tools that can help you out. One of the things I WON’T be covering is how to root the physical device. Disappointing, I know, but due […]

Why Test on Different Networks – Proprietary Data

Introduction Back in October I wrote a post about testing your mobile application on different networks and I promised a few follow-up articles. Unfortunately, I have been sidetracked with a lot of other work, and finally I have some time to get back to addressing this issue. This article will go over some results of […]
