3 min
IT Ops
Logging Your Entire Software Delivery Pipeline
When we think of traditional development and production operations, we often
put everything into a linear software delivery pipeline that starts with a
development backlog, and ends with production monitoring. We slot tools at each
stage, and for the most part, keep everything segmented. Log analysis
is a common tool in that chain but where does it fit? At
the end? I think not.
Log analysis can be used throughout your entire software delivery pipeline.
The linear pipeline
4 min
IT Ops
Acceptance Tests In Practice - Behavior Driven Development
What is Acceptance Testing?
"Acceptance testing is a test conducted to determine if the requirements of a
specification or contract are met." (Wikipedia definition) In simple words, acceptance
tests check if the software that we have built matches the requirements that
were provided.
The Magical Black Box
Acceptance testing is usually performed using the “black box” testing method.
The tester of the system k
1 min
Metasploit
Nexpose and Metasploit Training and Certification Courses Filling Up Fast!
Looking to amp-up or fine-tune your security prowess? UNITED conference
attendees get the chance to do just that by registering for additional small
group training and certification courses (Nexpose Basic, Metasploit Basic, and
Nexpose Advanced). Since we're keeping the sessions intimate, spots are filling
up quickly!
Save your spot now for two days of formalized, curriculum-based training with
Rapid7 experts. You'll get to:
* Share best p
2 min
Microsoft
A Closer Look at February 2015's Patch Tuesday
This month's Patch Tuesday covers nine security bulletins from Microsoft,
including what seems like a not-very-unusual mix of remote code execution (RCE)
vulnerabilities and security feature bypasses. However, two of these bulletins –
MS15-011 and MS15-014 –
require a closer look, both because of the severity of the vulnerabilities that
they address and the changes Mi
3 min
Why I joined Rapid7
I'll start by admitting that this blog post is a little overdue. I started at
Rapid7 on December 1st of last year and I have literally hit the ground running.
That's no excuse for being late but a good indicator that I have landed in the
right place. I'm not the kind of person that changes jobs on a whim (no pun
intended) so I'm happy to go in a bit more detail on why I joined Rapid7 and why
I'm so excited about this.
I've been in this business for almost 18 years now and enjoyed doing security
3 min
IT Ops
Installing Logentries Using Ansible
*This post was written by Logentries customer Richard van den Brand, Software
Engineer at Waarneembemiddeling.nl, where he is responsible for developing and
maintaining their Symfony2 applications and infrastructure.*
In this short tutorial I’ll describe the steps required to install the
Logentries agent using Ansible.
This tutorial assumes you have some basic knowledge about Ansible and how to use
playbooks and roles. If you’re unfamiliar with these topics please co
2 min
Patch Tuesday
Patch Tuesday, February 2015
For the second straight month Microsoft is holding fast to their blockade of
information. Customers with “Premier” support are getting a very sparse advance
notification 24 hours before the advisories drop, and “myBulletins” continues to
be useless because it is not updated until well after the Patch Tuesday
release. Microsoft called this an evolution, and I can certainly see why – they
are applying a squeeze to security teams that will eliminate the weak members of
the herd.
This month we ar
2 min
Android
R7-2015-02: Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)
Vulnerability Summary
Due to a lack of complete coverage for X-Frame-Options (XFO) support on Google's
Play Store web application domain, a malicious user can leverage either a
Cross-Site Scripting (XSS)
vulnerability in a particular area of the Google Play Store web application, or
a Universal XSS (UXSS) targeting affected browsers, to remotely install and
launch the main intent of an arbitrary Play S
4 min
Metasploit
Being Product Manager of Metasploit
Hello World
My name is Eray Yilmaz, and I am the new Product Manager of Metasploit. It has
been three months since I joined Rapid7, and I wanted to share my
experiences with you so far. Before we get to that, here is a tiny bit about
myself:
I am 28, married, and a fairly new father. I went to UTSA where I majored in
Information Assurance and Information Systems, and received my B.B.A. Like
anyone else in our industry, I have done my fair share of IT work, from helpdesk
to managing networks
4 min
Nexpose
GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data
A recently discovered severe vulnerability, nicknamed GHOST, can result in
remote code execution exploits on vulnerable systems. Affected systems should be
patched and rebooted immediately. Learn more about CVE-2015-0235 and its risks.
The Nexpose 5.12.0 content update provides coverage for the GHOST vulnerability.
Once the Nexpose 5.12.0 content update
3 min
IT Ops
The Role of Logging in ChatOps
What is ChatOps you might ask?
Well, if you are like me, you and your team may already be doing it and you
don’t even know it. On a recent visit to San Francisco I was telling one of our
tech partners about our new Slack integration
when he responded by saying, “Slack and Logentries, cool! Yep everyone is doing
ChatOps these days…”
2 min
Linux
GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?
CVE-2015-0235 is a remote code execution vulnerability affecting Linux systems
using older versions of the GNU C Library (glibc versions less than 2.18). The
bug was discovered by researchers at Qualys and named GHOST in reference to the
_gethostbyname function (and possibly because it makes for some nice puns).
To be clear, this is NOT the end of the Internet as we know it, nor is it further
evidence (after Stormaggedon) that the end of the world is nigh. It's also not
another Heartbleed. But it
3 min
IT Ops
Infographic: Top 4 Log Management Challenges
At Logentries we chat to new users every day who are
looking for an improved solution for centralizing and analyzing their log data.
They have often tried rolling their own solution, have previously gone the open
source route, or are using an “old school” logging technology.
But, what we find across new users, regardless of how they are managing their
log data, are some common challenges that have historically made log management
4 min
The Internet of Gas Station Tank Gauges
Introduction
Automated tank gauges (ATGs) are used to monitor fuel tank inventory levels,
track deliveries, raise alarms that indicate problems with the tank or gauge
(such as a fuel spill), and to perform leak tests in accordance with
environmental regulatory compliance. ATGs are used by nearly every fueling
station in the United States and tens of thousands of systems internationally.
Many ATGs can be programmed and monitored through a built-in serial port, a
plug-in serial port, a fax/modem,
4 min
IT Ops
Unit testing with Karma and Jasmine for AngularJS
So you’ve started to build applications with AngularJS; or, maybe you’ve
done unit testing before but haven’t used it with AngularJS; or, maybe it’s all
new to you, but either way this article should help to orient you to the value
of using Karma with Jasmine and offer some tips on displaying functionalities of
AngularJS. Let’s get started!
My app is small, it doesn’t need any tests, right?
Wrong!
A small app can have errors and it’s bad practic