Implementing the DevSecOps Process
Security

The primary goal of DevSecOps is to ensure Security and Operations team members are engaged and collaborating with Development and Test from the very beginning of a project/product development. In addition to cultural shifts, it demands a linked toolchain of technologies to facilitate collaborative change. It requires pushing past departmental lines for more effective planning, […]

DevSecOps Means More than Just Automation, It’s a Mindset
Security

When people think of DevSecOps the first thing that comes to mind is automation. A strong DevSecOps environment should employ tools that automate the following: Continuous Integration, Continuous Delivery, Continuous Testing, Continuous Deployment, and Continuous Monitoring. While automation is certainly important, it’s just as important (if not more important) to build the mindset that “everyone […]

An Introduction to DevSecOps
Security Scanning

By now, most organizations have heard of DevOps and many have begun to adopt DevOps practices as a key enabler of software delivery. Organizations who have adopted or are adopting an Agile approach find DevOps practices are a key component of the most successful adoptions. Granted, Agile can be adopted without the use of DevOps, […]

Extending An Encrypted RHEL 7 LVM Partition

There are many advantages to using LVM to manage your disk partitions, one of which is how easy it is to extend the file system to use free space. I recently completed some work using crypto_luks to encrypt a RHEL 7 VM, which used LVM to manage its disk partitions. Once I was finished, I noticed […]

Mobile App Security Testing — Remote Authentication Exploit with iGoat

The video below demonstrates how to test a mobile application for remote authentication vulnerabilities. For this demonstration, I used a mobile application called iGoat. iGoat is designed for the iOS platform and functions as a learning tool for iOS developers. iGoat is a safe environment in which iOS developers can gain knowledge about the major […]

Scripting with OWASP ZAP
Security

So you’ve got a great DevOps pipeline that builds, tests and deploys your application. You might still be running manual security scans for vulnerabilities or you could be passively scanning with OWASP ZAP as your functional tests run. Here are some ways you can automate OWASP ZAP to actively scan your entire application for vulnerabilities. […]

Create FreeIPA Users Script

On my current project, my team is using FreeIPA to implement Single Sign-On (SSO) for all the employees at Coveros. FreeIPA is an open-source security solution for the Linux operating system which provides account management and centralized authentication, similar to Microsoft’s Active Directory. It is built on top of multiple open-source projects such as […]

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries

This is part 2 of my blog series about Nexus Lifecycle. If you missed the first part, you can find it by clicking this link. Here I will talk about how to properly roll out Nexus Lifecycle in an enterprise environment based on a past experience. The first thing you need to do is to make […]

3 Essential Components to Building a Security Testing Practice

Nearly every organization dreads the “S-word,” but security should be something we embrace early instead of avoiding until the last minute. It’s strange that we would delay something that could derail our entire application release to the very end when we know we will have no time to address it. Fear of the unknown and fear of failure are […]
