Squashing Third Party Security Vulnerabilities
Security

It seems like more and more often we hear of another security breach at our favorite retailer, bank, or some other place that holds our sensitive data. Any organization entrusted with protecting sensitive information should have solid security practices in place. Once a hacker has accessed your system it’s all over. The most expensive […]

Nexus Firewall

Any developer who has ever opened up a pom file on a large project will be familiar with the seemingly infinite number of dependencies which make governance nearly impossible. Thankfully, Sonatype is making our job a little bit easier with Nexus Firewall, a tool which allows system administrators to craft policies to limit which […]

Transparent file-pattern encryption for git: Git-Crypt

For automation, we want to store as much text as possible in our git repositories, and any binary artifacts in an artifact repository (like Sonatype’s Nexus). However, Git can be a dangerous place to ever store passwords. If a bad guy ever acquired access, he could roll back in time and find every password you’ve ever stored […]

How to build SonarQube into PhpStorm for source code analysis

The software development IDE, JetBrains PhpStorm, is a versatile tool to incorporate into a DevOps pipeline. One useful method of expanding upon its native features is to add the SonarQube plugin to provide source code analysis. Step-by-step documentation is scattered or insufficient, so I have compiled an explanation of the process, with accompanying screenshots. This does […]

My hardening workflow

Here are some tips for keeping your OS environment secure, the DevOps way. Scanning: Get your environment scanned early and often. And your first scan should happen even earlier. Nothing is worse than getting your first set of scan results back and realizing you have just been given 2 weeks’ worth of “surprise” work. Our […]

Continuous Security in a DevOps Environment

This webinar was part of the Engineer Your DevOps Webinar Series, led by Coveros CEO Jeffery Payne and DevOps Practice Lead Rich Mills. The special guest was Glenn Buckholz, a Technical Lead on DevOps work at the Department of Homeland Security for Coveros. Glenn has worked with a wide range of federal and commercial customers […]

Analyzing Data On Android Devices

Introduction: I just finished giving my talk at StarEast about testing on a rooted device, and it went wonderfully. The room wasn’t packed, but the people who were there were the correct people…and that is what I really care about. We covered a good overview of what elevated privileges mean for each device, discussed multiple […]

Testing On A Rooted Device

Introduction: TechWell’s STAREAST is just 2 weeks away. Among other things, I’ll be talking about testing on a rooted device, specifically, what are the benefits, and what are some tools that can help you out. One of the things I WON’T be covering is how to root the physical device. Disappointing, I know, but due […]

Diving Deeper into Mobile Penetration Testing Framework: AppUse

In the previous blog, I detailed a great starting point for mobile application testing, the AppUse framework, and highlighted its greatest pros and cons. This tool, created by AppSec-Labs, combines many additional tools to perform static and dynamic analysis of an application and the smartphone device that it runs on. Remember, please only use the tools and […]

Why Test on Different Networks – Proprietary Data

Introduction: Back in October I wrote a post about testing your mobile application on different networks and I promised a few follow-up articles. Unfortunately, I have been sidetracked with a lot of other work, and finally I have some time to get back to addressing this issue. This article will go over some results of […]
