Dynamic Security Scanning in a CI: ZAP Scanning with Jenkins.
Set up a continuous integration pipeline with automated ZAP scanning on a vulnerable application. A complete guide.
A walkthrough of setting up Jenkins, SonarQube, and Dependency check with an out-of-the-box Docker configuration for rapid startup.
A roadmap for automating security tooling and integrating with agile development teams to improve security outcomes.
About the test results of all popular Mozilla Firefox plugins. This post outlines the test methodology and code.
A walkthrough of people-finding: using public information to find details of a person's life and history. Also known as doxing or OSINT.
Security advice for everyday usage - tech tools and systems.
Analyzing 2000 applications for the critical 50 to focus on for a secure development program. How to slice data and ask the right questions.
Let's walk through setting up a modern application security program from scratch, starting with the high level strategy and metrics.
Steps anyone can use to detect browser plugin spying, even when they try to hide it.
In this article, we will tread a middle path, and look at some ways to manage a web server securely for a variety of common deployment scenarios.