Running Selenium Tests Through ZAP
Security

Many organizations we work with have some understanding of front-end testing using tools like Selenium. However, they struggle to prioritize, understand or properly implement security scanning in their Agile/DevOps Development process. One of the easiest ways to implement security testing with little to no additional effort is to use OWASP Zed Attack Proxy in conjunction […]

Read more
Security Scanning in non-Standard Applications with Burp Macros: Setup
Security

DISCLAIMER: Only perform security testing on applications which you have explicit permission to do so. Also, this post shows features for Burp Suite Professional, as Macros and scanning are not available without a license. Identifying the Target Many web applications are unique and apply complexity which defeats basic security scanning. This can come in the […]

Read more
Setting up OpenLDAP

I recently needed to set up OpenLDAP for a client. We set up an entire pipeline, similar to SecureCI, and wanted to tie all of the tools into one login system. The installation was pretty straightforward, but we wanted to ensure our tooling stack was secured, so we moved a bit beyond the basics. This is all […]

Read more
Configuring Gitblit post-commit hooks over SSL

I have now twice spent multiple days trying to get a Gitblit server to communicate with a Jenkins server over SSH. This was done as part of ongoing work to update the Coveros SecureCI product, with the goal of properly configuring both tools and a self-signed certificate to enable Gitblit’s post-commit Jenkins hook to trigger builds. Given that […]

Read more
Filling out your CI Pipeline for Your PHP Project

Last month I started writing about the DevOps pipeline that I built out for a PHP project. Today I plan on filling it out a bit more. What I described last week is what many people consider a full CI Pipeline, executing unit tests, code coverage, and static analysis. I threw in a little more […]

Read more
Starting A CI Pipeline For Your PHP Project

I was recently put on a project where we are doing development for a website. There was already a large codebase, and we went in to add features in order to complete the site, and perform code refactoring when necessary. In order to accomplish this successfully, we decided to follow SecureAgile™, which involves ensuring […]

Read more
BsidesDC 2015… A Recap: Credit Card Failures and Web App Testing

To summarize the 3-day B-SidesDC conference: Be Afraid. In all seriousness, there are many systems we use daily which are quite vulnerable. The solution is to be vigilant, know what to look for, and understand how to fix it. It is good to know that the industry mindset is migrating towards an “Assume Breach” […]

Read more
Surviving Stagefright on a Rooted Handset

I am the black sheep of the company. Everything I run is Linux in some form or another, except when required by a client. This includes my phone. When I first heard about Stagefright my heart sank, mostly for all the ribbing I would get from my co-workers, but also because my phone is rooted, more […]

Read more