Testing Faster, Better, and Cheaper with Continuous Delivery
Gene Gotimer STARWEST Interview

When I attended STARWEST in Anaheim in October 2016, I had the opportunity to sit down for an interview with Jennifer Bonine, VP, Global Delivery and Solutions at tap|QA LLC. In the interview, Jennifer and I discussed how and why companies should be testing with continuous delivery. Jennifer Bonine: Hi, and welcome back to the […]

Getting Up and Running with Sonatype Lifecycle

It has become standard practice for modern software development organizations to integrate open source components into their products, as it enables them to leverage existing solutions and technologies, thereby avoiding the need to reinvent the wheel. In fact, open source repositories like Maven Central are reporting record increases in downloads annually (30 Billion in 2015, […]

Running Selenium Tests Through ZAP
Security

Many organizations we work with have some understanding of front-end testing using tools like Selenium. However, they struggle to prioritize, understand or properly implement security scanning in their Agile/DevOps Development process. One of the easiest ways to implement security testing with little to no additional effort is to use OWASP Zed Attack Proxy in conjunction […]

Sonatype’s New Nexus Lifecycle Helps Teams Migrate Open Source Libraries
Sonatype Lifecycle

For a variety of reasons, a lot of companies are moving to an Agile, DevOps Culture, Continuous Integration and Delivery/Deployment (CI/CD) model. These transformations rely on a variety of tools, including open source. A lot of organizations also use open source tools and libraries to develop their applications and in order to ensure security, these […]

Designing a Certificate Authority for your Organization

Whether you’re setting up a VPN server or establishing SSL certificates for your internal websites, there are a lot of reasons to consider setting up your own certificate authority (CA) for your organization. On my current project, we ran into the former situation and quickly realized the widely recommended default of setting up a separate […]

Creating a NAT Gateway in AWS GovCloud

As the Federal Government looks to adopt cloud services from Amazon Web Services, many agencies are looking to AWS GovCloud to be that provider because services have been accredited by the FedRAMP program. While this is a far better pill to swallow for security programs, it’s somewhat more of a headache for most developers and […]

RECAP: 2016 B-Sides DC

Another security conference has come and gone, and I surprisingly do not feel the doom and gloom of knowing that my data is being utterly owned. Two of the more interesting talks focused on protecting environments through PowerShell and how to thoroughly test applications with more than just limited security automated tools. Defending with PowerShell […]

Security vs Functionality in Android Marshmallow: Locked Screen Apps
Security Scanning

The ability to display widgets within the locked screen was present through Android KitKat. Sadly, this useful feature is not in the latest Android OS. Security and functionality have always had a tenuous relationship. In order to be absolutely functional, a system must allow everything. To make a system truly secure, it must allow nothing. […]
