SecureCI 2013 Q4 Release

Introduction Quarter 4 for Coveros has been action packed for SecureCI™. We performed several major updates to our SecureCI™ version, bringing the software tools up to date, and making them more user and out-of-the-box friendly. For those unaware, SecureCI™ is an integrated stack of tools that provides version control, wiki, project/issue management, and code analysis […]

Read more
Apache Server Errors

So I run a server at home hosting several sites, including a few personal sandboxes for development. I went to check one of sites, and noticed it was taking an incredibly long time to load. When I logged into the machine, I got the dreaded Usage of /: 99.9% of 27.50GB disk space error. Now, […]

Read more
Using the Join Plugin in Jenkins

With large complex software applications, builds can often be split into different steps and tasks creating a series of jobs for our build pipeline.   On my current project we are utilizing Jenkins to implement Continuous Integration/Continuous Deliver (CI/CD) and between the jobs for compilation, smoke tests, acceptance tests and deployment across environments in several different VLANs, […]

Read more
Creating Modular Jobs in Jenkins

I spent much of my formative years in High School and College being indoctrinated with Object-Orientated Programming (OOP).  When used well, OOP provides clear modular structure for programs, defines clear interfaces, makes software easier to maintain and modify, allows multiple functions to share code (cord re-use), and reduces large, complex issues to smaller, more manageable […]

Read more
Cucumber-JVM Within SecureCI
Cucumber

Introduction Now that we have created some simple cucumber tests and built a sturdy selenium framework, we want to setup an environment where these tests can be quickly and conveniently run against our code. Due to the nature of development, code is constantly changing, and we want to ensure that each change to the code […]

Read more
Using the Build Flow Plugin in Jenkins

With large complex software applications, builds can often be split into different steps and tasks creating a series of jobs for our build pipeline.   On my current project we are utilizing Jenkins to implement Continuous Integration/Continuous Deliver (CI/CD) and between the jobs for compilation, smoke tests, acceptance tests and deployment across environments in several […]

Read more
How to display a logon/disclaimer notice banner in SharePoint by customizing the Global.asax and deploy the global.asax file using the Sharepoint WSP.

  I was working on a SharePoint DoD project, due to security requriements(STIG) it needed to display a disclaimer notice banner when a user initiates a session with the SharePoint Site. This solution tells how to customize and deploy the SharePoint Global.asax that triggers the new session start event to display the disclaimer notice banner. This solution was split into two SharePoint […]

Read more
Security Testing: OWASP ZAP (Zed Attack Proxy)

As part of my ongoing collection of reviews and thoughts on today’s Security Testing Tools, I’m taking a look at the Zed Attack Proxy (ZAP) by OWASP.  While, my last review of WebSecurify, looked at a very simplistic tool for Web Application Security Testing, this review will bring us a slightly more complex tool.   So where […]

Read more
Integrating CAT.NET into Hudson for Continuous Security Analysis

I recently published an article about using CAT.NET security scanner on your .NET web application. Once you get it running, it’s fairly simple to integrate it into your continuous integration process. Our strategy here will be to use a down-stream job in Hudson to run static security analysis on our application build after the main compilation/packaging […]

Read more
Security Testing: Web Application Fuzz Testing

Fuzz testing or Fuzzing, a technique originated in 1988 by Professor Barton Miller at the University of Wisconsin, is a software testing technique where invalid, unexpected, and or random data is input into the system at various levels in an effort to uncover unexpected system behaviors and system failures including system crashes, failing code assertions, […]

Read more
X