Laravel and Custom Validations

Problem with Default Validation   While using Laravel to build a web application, I needed to perform custom validation on user input, such as a password parameter. By default, Laravel manages this through AJAX handled on the client side. However, I wanted a more robust solution. Also, helpful libraries, such as a check of whether an […]

New SecureCI Release

It’s that time of year, new year, new SecureCI release! 2015 ended well, with Coveros releasing a much more robust version of SecureCI. Not too many new features, but lots of bug fixes and some major upgrades of the application. This release focused on updating core components to latest release versions, correcting critical defects, and […]

BsidesDC 2015… A Recap: Credit Card Failures and Web App Testing

To summarize the 3-day B-SidesDC conference: Be Afraid. In all seriousness, there are many systems we use daily which are quite vulnerable. The solution is to be vigilant, know what to look for, and understand how to fix it. It is good to know that the industry mindset is migrating towards an “Assume Breach” […]

How to build SonarQube into PhpStorm for source code analysis

The software development IDE, JetBrains PhpStorm, is a versatile tool to incorporate into a DevOps pipeline. One useful method of expanding upon its native features is to add the SonarQube plugin to provide source code analysis. Step-by-step documentation is scattered or insufficient, so I have compiled an explanation of the process, with accompanying screenshots. This does […]

My hardening workflow

Here are some tips for keeping your OS environment secure, the DevOps way. Scanning Get your environment scanned early and often. And your first scan should happen even earlier. Nothing is worse than getting your first set of scan results back and realizing you have just been given 2 weeks' worth of “surprise” work. Our […]

New SecureCI Release

As I’m certain everyone is aware, a new version of SecureCI™ has been released! Many more tools have been included, and while the basic setup is the same, there is a bit more configuration that you’ll need to set up. My previous post on how to start up a new instance of SecureCI™ is still accurate, however […]

Surviving Stagefright on a Rooted Handset

I am the black sheep of the company. Everything I run is Linux in some form or another except when required by a client. This includes my phone. When I first heard about Stagefright my heart sank, mostly for all the ribbing I would get from my co-workers, but also because my phone is rooted, more […]

Continuous Security in a DevOps Environment

This webinar was part of the Engineer Your DevOps Webinar Series, led by Coveros CEO Jeffery Payne and DevOps Practice Lead Rich Mills. The special guest was Glenn Buckholz, a Technical Lead on DevOps work at the Department of Homeland Security for Coveros. Glenn has worked with a wide range of federal and commercial customers […]

Automating Security with DevOps: It can work

DevOps and Security have often been considered mutually exclusive. Both are imperative to developing high-quality applications, but continue to be seen as entirely separate processes. Tools that combine DevOps and Security tend to only integrate static security code analysis, and do so within the early stages of Continuous Integration. These scans are performed simultaneously, running […]

Securing Jenkins when using AWS
Security

Dear Loyal Readers, Security, like safety, almost always makes your life harder. It is inefficient. Now, as I said before, I love Jenkins for scripting and organizing project operations and today I’d like to talk about a security feature that can help you have your cake and eat it too. The challenge for us is that […]
