Creating Modular Jobs in Jenkins

I spent much of my formative years in High School and College being indoctrinated with Object-Orientated Programming (OOP).  When used well, OOP provides clear modular structure for programs, defines clear interfaces, makes software easier to maintain and modify, allows multiple functions to share code (cord re-use), and reduces large, complex issues to smaller, more manageable […]

Read more
Cucumber-JVM Within SecureCI
Cucumber

Introduction Now that we have created some simple cucumber tests and built a sturdy selenium framework, we want to setup an environment where these tests can be quickly and conveniently run against our code. Due to the nature of development, code is constantly changing, and we want to ensure that each change to the code […]

Read more
Running Cucumber-JVM Locally
Cucumber

Introduction Initially this post was going to contain instructions on running tests locally, and on SecureCI. Due to the lengthiness of the post, I decided to break this up into two different posts. This post will cover just setting up and running tests locally, building on the previous posts of creating some simple cucumber tests […]

Read more
Using the Build Flow Plugin in Jenkins

With large complex software applications, builds can often be split into different steps and tasks creating a series of jobs for our build pipeline.   On my current project we are utilizing Jenkins to implement Continuous Integration/Continuous Deliver (CI/CD) and between the jobs for compilation, smoke tests, acceptance tests and deployment across environments in several […]

Read more
Mailtrap.io for Email Testing

Testing applications and web sites that send email can be difficult. During testing you might generate many email notifications and you don’t want to flood a real mailbox. Or you might not want email from a development system being confused for production email. And especially when using production data during development, you might want to […]

Read more
Using Sequences of System Events to Identify Users

In my last post on the Active Authentication project I described how to use Microsoft Detours to collect a trace of system calls (also known as system events) for a single process.  At Coveros Labs we leveraged an example program provided with Detours in order to create our own prototype system that validates the identity of a […]

Read more
Integrating CAT.NET into Hudson for Continuous Security Analysis

I recently published an article about using CAT.NET security scanner on your .NET web application. Once you get it running, it’s fairly simple to integrate it into your continuous integration process. Our strategy here will be to use a down-stream job in Hudson to run static security analysis on our application build after the main compilation/packaging […]

Read more
Resizing a VirtualBox hard drive image under Windows

I use a lot of virtual machines for the work I do. Invariably, I start with small virtual hard drives that continuously grow until I run out of space. I used to go through wild gyrations to add an additional hard drive to the machine. It’s actually much simpler to just expand the hard drive. […]

Read more
Teaching Firefox to use a CAC

Some of the sites I use require a CAC smart card to establish SSL access. (Forge.mil is an example of this.) Chrome and IE (shudder) are both smart enough to use a smart card for certificates out of the box on Windows. Unfortunately, Firefox doesn’t seem to be set up to do it without some […]

Read more
X