Continuous Security in a DevOps Environment

This webinar was part of the Engineer Your DevOps Webinar Series, led by Coveros CEO Jeffery Payne and DevOps Practice Lead Rich Mills. The special guest was Glenn Buckholz, a Technical Lead on DevOps work at the Department of Homeland Security for Coveros. Glenn has worked with a wide range of federal and commercial customers […]

Adding Security into your CI Process

Most organizations I’ve worked with often think they are concerned about security, but never actually do anything about it until right before the big production release when it’s often too late to actually make any major security changes before the big “Go/No-Go” decision.  What if security was baked into our CI processes in order to […]

Using Virtual Machines for Software Development

On my current project I am using a virtual machine (VM) that was provided by the architecture team for software development.  While I have found using this VM to be extremely useful, some developers on the project continue to build and deploy the application directly on their host machines, perhaps out of habit or an unwillingness […]

The Production Issue

If you’ve been working in software development then you’re probably very familiar with the term “production issue”.  This is a problem that is discovered in the production environment that causes the application to become unavailable or to exhibit incorrect behavior.  For example, a production issue in an online banking system might be that customers’ account […]

Pitfalls of Overlapping Releases

On my current project, new functionality is often released in increments over a period of several months, as opposed to developing the functionality and deploying it in one release. This is a good approach to release management because it reduces risk, since relatively small changes will be made to the production environment. It also allows […]

How Does Security Testing Fit In My QA Process?

Summary: Alan Crouch discusses one of the most Frequently Asked Questions during his Software Testing Course: How Does Security Fit In My QA Process?  Alan includes advice on integrating Security Testing in your QA Process, example security requirements and how to start implementing security testing for software testers. Complete Article: Better Software Magazine (July/August 2014) […]

Improving Software Quality through Communication

I recently gave a presentation to undergraduate students about some of the challenges of working on large-scale software development projects.  One of the key challenges that I highlighted was communication.  Although this is not specific to a software development project, it is extremely important. If communication is not performed properly, then it becomes nearly impossible […]

Maven POM Lint Plugin

I am a big fan of static analysis and formatting tools. I just like my code to be as clean as possible. At the very least, being clean makes the code easier to read and maintain. If I can find a tool that will make it easy for me to keep my code clean, I’ll […]

Using Components with Known Vulnerabilities

One of the items on the 2013 OWASP Top Ten is “Using Components with Known Vulnerabilities.” It is new on this year’s list, debuting at number 9. OWASP lists it as being widespread and difficult to detect. The issue is that modern software is made up of dozens, if not hundreds, of third-party components. Even […]

Coping with Long Feedback Loops during Software Development

I recently had the opportunity to work on a software development project as part of a 300 person team.  On this team there were two types of developers: user interface (UI) developers and service developers.  In order to evaluate the effect of a code change, UI developers needed to deploy their modified JavaScript files to […]
