Explore four different threat modeling methodologies—STRIDE, PASTA, Trike, VAST—and assess their strengths and weaknesses.
As another year begins and we look forward, many teams use this time to reflect on all that they’ve accomplished—reviewing things that are working well and things they’d like to improve. A key challenge continues to be automating our testing. Most of us are running to catch up in the test automation space and aggressively […]
What is application security, or AppSec? Let’s talk about web application security first. OWASP was created in 2001 and has been known as the best community for web application security. Volumes of online resources for web application security defects, security testing, and security projects have been produced by OWASP. Yet web application security is only […]
At a high level, maintainability defines the ease with which changes can be made correctly. Correctness in this sense means that the intended changes are made without introducing unexpected side effects. Code should be structured so as to be easily modifiable. Tests should be in place to prevent regression, ensuring that existing functionality is unaffected […]
Load and performance issues can be difficult to resolve when found late in the software development lifecycle, yet teams still often wait until the last minute to performance test their applications. This can be costly, especially if the problem ends up being an issue with the overall architecture of the application. Load and performance testing […]
Helm is a Kubernetes package and operations manager. The name “kubernetes” is derived from the Greek word for “pilot” or “helmsman”, making Helm its steering wheel. Using a packaging manager, Charts, Helm allows us to package Kubernetes releases into a convenient zip (.tgz) file. A Helm chart can contain any number of Kubernetes objects, all […]
Recently I wrote an Ansible playbook to extract data from an Informatica PowerCenter repository. The data was then compressed and uploaded into Nexus Repository Manager. I used the command line utility, pmrep, to execute the commands needed to connect to the Informatica repository and to extract the data. A specific Informatica user had been given […]
‘Pipeline as code’, or defining the deployment pipeline through code rather than configuring a running CI/CD tool, provides tremendous benefits for teams automating infrastructure across their environments. One of the most popular ways to implement a pipeline as code is through Jenkins Pipeline. Jenkins, an open source automation server, is used to automate tasks associated […]
Tagging Basics: Cucumber provides a simple method to organize features and scenarios by user-determined classifications. This is implemented using the convention that any space-delimited string found in a feature file that is prefaced with the commercial at (@) symbol is considered a tag. Any string may be used as a tag and any […]
When developing an application in programming language A you may discover that certain parts of the program are easier to code using a different language B. At this point you have one of three choices: Write the application entirely in language A. Write the application entirely in language B. Write most of the application using […]