Scripting with OWASP ZAP
Security

So you’ve got a great DevOps pipeline that builds, tests and deploys your application. You might still be running manual security scans for vulnerabilities or you could be passively scanning with OWASP ZAP as your functional tests run. Here are some ways you can automate OWASP ZAP to actively scan your entire application for vulnerabilities. […]

2017 Q1 SecureCI™ Release
Security

I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]

Running Selenium Tests Through ZAP
Security

Many organizations we work with have some understanding of front-end testing using tools like Selenium. However, they struggle to prioritize, understand or properly implement security scanning in their Agile/DevOps Development process. One of the easiest ways to implement security testing with little to no additional effort is to use OWASP Zed Attack Proxy in conjunction […]

Filling out your CI Pipeline for Your PHP Project

Last month I started writing about the DevOps pipeline that I built out for a PHP project. Today I plan on filling it out a bit more. What I described last week is what many people consider a full CI Pipeline, executing unit tests, code coverage, and static analysis. I threw in a little more […]

Adding Security into your CI Process

Most organizations I’ve worked with often think they are concerned about security, but never actually do anything about it until right before the big production release when it’s often too late to actually make any major security changes before the big “Go/No-Go” decision.  What if security was baked into our CI processes in order to […]

Security Testing: OWASP ZAP (Zed Attack Proxy)

As part of my ongoing collection of reviews and thoughts on today’s Security Testing Tools, I’m taking a look at the Zed Attack Proxy (ZAP) by OWASP. While my last review, of WebSecurify, looked at a very simplistic tool for Web Application Security Testing, this review will bring us a slightly more complex tool. So where […]
