DISCLAIMER: Only perform security testing on applications which you have explicit permission to do so. Also, this post shows features for Burp Suite Professional, as the Macros and scanning features are not available without a license. In the previous blog post, I detailed configuring Burp Suite for usage in security testing. Please reference the material […]
When I attended STARWEST in Anaheim in October 2016, I had the opportunity to sit down for an interview with Jennifer Bonine, VP, Global Delivery and Solutions at tap|QA LLC. In the interview, Jennifer and I discussed how and why companies should be testing with continuous delivery. Jennifer Bonine: Hi, and welcome back to the […]
I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]
For a variety of reasons, a lot of companies are moving to an Agile, DevOps Culture, Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications and in order to ensure security, these […]
DISCLAIMER: Only perform security testing on applications which you have explicit permission to do so. Also, this post shows features for Burp Suite Professional, as Macros and scanning are not available without a license. Identifying the Target Many web applications are unique and apply complexity which defeats basic security scanning. This can come in the […]
I recently wrote several blog posts about setting up a DevOps pipeline, and it was working great for our code. However, recently, I ran into an issue. My perfectly written and tested code somehow introduced a bug into our production environment! Luckily, we caught this issue quickly, and it was a relatively easy fix. So, I fixed the code, […]
I’m currently working on a DevOps project, heavily centered around AWS GovCloud. It’s important to point out I’m working in GovCloud, as opposed to AWS, as this means several key tools are missing. My colleague, Alan Crouch, recently pointed out how NAT Gateways are missing from the offered infrastructure. Another tool we found missing was Route 53, […]
Welcome to the fourth and final post in my series, DevOps in a Regulated and Embedded Environment. In this part, we’ll look at the problems that pop up when the deploy/test environments aren’t virtualizable. I’m assuming that you’ve already read my earlier post on “Git Flow in a Regulated World”. If you haven’t, the short […]
One of the most important things in software testing is integrating tests with the build tool that your project uses. Developers need to be able to run your tests easily, otherwise, they’re probably not going to run them. Another reason for integrating tests is that it encourages clearly defining your project’s build process. In the case […]
I’m going to take a little turn this month from what I usually post and talk about what many (including myself) consider the ‘more boring’ aspect of testing: test planning. About a month a ago, I participated in a “Hackathon” as part of a proposal effort. To prepare for this, the Coveros team spent some time […]
