Dependency Checking Your Ruby Application

Dependency Checking Your Ruby Application Checking your application’s dependencies for known vulnerabilities is a critical, relatively low effort step you should take to secure your application, which you may have read about in another recent article: What is SCA? Compared to the wealth of tools used for dependency checking in, for example JavaScript,  there’s not […]

Read more
How to Configure Postman to use OWASP ZAP as a Proxy

OWASP ZAP (Open Web Application Security Project Zed Attack Proxy) is a powerful security scanning tool for those new to security testing as well as professional penetration testers. ZAP can be used for many different security testing tasks, such as actively simulating attacks, in order to expose vulnerabilities, or passively scanning requests as a proxy. […]

Read more
Scripting with OWASP ZAP

So you’ve got a great DevOps pipeline that builds, tests and deploys your application. You might still be running manual security scans for vulnerabilities or you could be passively scanning with OWASP ZAP as your functional tests run. Here are some ways you can automate OWASP ZAP to actively scan your entire application for vulnerabilities. […]

Read more
Filling out your CI Pipeline for Your PHP Project

Last month I started writing about the DevOps pipeline that I built out for a PHP project. Today I plan on filling it out a bit more. What I described last week is what many people consider a full CI Pipeline, executing unit tests, code coverage, and static analysis. I threw in a little more […]

Read more
Security Testing: OWASP ZAP (Zed Attack Proxy)

As part of my ongoing collection of reviews and thoughts on today’s Security Testing Tools, I’m taking a look at the Zed Attack Proxy (ZAP) by OWASP.  While, my last review of WebSecurify, looked at a very simplistic tool for Web Application Security Testing, this review will bring us a slightly more complex tool.   So where […]

Read more