The nVisium Blog

CodeBuild, Brakeman, and CodePipeline

Published on March 15, 2017 by Ken Johnson

I’m tired of running a Jenkins server; there, I said it. It costs us money, I have to keep it patched, and patching equates to lost energy. Lost energy and lost time which means lost forward momentum working on the things we should be focused on. This is where CodeBuild came into play. We were already using CodePipeline but wanted to use CodeBuild because CodeBuild integrates with CodePipeline. CodeBuild is a replacement for Jenkins, it is a managed service by AWS, and it costs very little.

Read more...

Introducing the nVisium On-Demand Training Platform

Published on March 2, 2017 by Jack Mannino

When we set out to build an on-demand developer training platform, we wanted to focus on the most important part of any course: the student. Developers learn by using familiar tools and writing code, not by watching non-specific, generic content or playing contrived games. When discussing training options with some clients, the chief complaint about current Computer Based Training (CBT) solutions and gamified apps was that developers didn’t recognize the value in them. Additionally, security struggled internally to build support and adoption for these solutions with their development teams.

Read more...

Fun with CAPTCHA - Pt I

Published on February 23, 2017 by Jonn Callahan

After spending the last half a decade reviewing web applications, I've come across multiple homebrewed CAPTCHA implementations. None of them have stood up to any kind of rigorous testing and vulnerabilities tended to start appearing with only a moderate amount of poking. Because of this, I decided to go after a widespread solution to see how the best implementations stood up to analysis.

Read more...

AppSec Basics: Your First Pentest

Published on February 9, 2017 by David Coursey

So, another year has come and gone and you still have that feeling. That little voice inside that says, "I wonder how good our cyber security is..." Is that super critical application just sitting out there on the internet scared and alone? Maybe now is finally the time to look into it, but where to start?

Read more...

Introducing SpyDir

Published on January 18, 2017 by Ryan Reid

In this post, I'll discuss a Burp Suite extension I've recently developed and published to my GitHub. The extension provides a mechanism to enumerate endpoints within a web application via a local source code repository. Finally, it does this in an extensible manner.

Read more...

nVisium, Now an Amazon Consulting Partner

Published on December 20, 2016 by Ken Johnson

Our customers have always played a part in shaping our service offerings. Over the past several years, we have seen increasing demand from our customers for assistance in securing Amazon Web Services (AWS) environments. So at their request, we performed reviews of their controls, configuration of their services, etc. Essentially, we conducted AWS security assessments. We were able to do this work because we could "eat our own dog food," so to speak. We utilized AWS, so it made sense to go through the process of creating a secure framework for building on and completing various AWS trainings.

Read more...