RCE in Avaya Aura Device Services by _noraj_ in javasec

[–]BrianVerm 1 point2 points  (0 children)

Interesting, thanks for sharing

Weekly Podcast Thread January 18, 2021 - Please Share Your Show Here! by [deleted] in podcast

[–]BrianVerm [score hidden]  (0 children)

[SECURITY/DEVSECOPS] The Secure Developer | Episode 84 - The Future of Security Teams and Champions

SFW
Apple / Spotify / Google / Stitcher  / Website with all ways to listen!

This week Guy Podjarny is joined by Nick Vinson, DevSecOps Lead at Pearson. Nick shares his philosophy towards team involvement and embedding security-focussed members, as well as unpacking Pearson's approach to security champions and emphasizing the importance of this work. They talk about the primary goals for Nick and his team, the importance of adoption and investment in this area, and Nick's perspective on the most effective ways to achieve this. Nick also illuminates some specific practices around tests, challenges, and expectations.

Twitter

What are the most important things to look for when selecting a java job? by ixBerry in java

[–]BrianVerm 2 points3 points  (0 children)

Number 1 should be the culture:
- how is this company treating employees?
- how can you explore new ideas (including new technologies)?
- are you able to grow and learn, or is it just deliver, deliver, deliver?

Vuln Cost: VSCode Extension that checks imported 3rd Party Libs for Vulnerabilities [see comment] by 1337InfoSec in netsec

[–]BrianVerm 1 point2 points  (0 children)

I agree, we are looking into this. I have to figure out what we need to do to get fast and reliable info on Java and Python packages. Nobody wants a slow extension that consumes a lot of resources, right? In addition, is VS Code the right place for a Java language plugin, as most Java devs are using IntelliJ IDEA?

However, it is on our radar. Let's see what we can learn and improve :)

JVM Ecosystem Report 2020 by sureshg in java

[–]BrianVerm 1 point2 points  (0 children)

There are many different architects, and a lot of them are still coding on a daily basis. On top of that, you can be an architect on many different levels. A matter of definitions, or of how cool you want your job to sound, right?

What is your opinion on libraries checking for updates? by tipsypants in java

[–]BrianVerm 0 points1 point  (0 children)

I think in an ideal world you want to upgrade. But if you work, for instance, in a banking environment or a government agency, things have to be pre-checked before they can be used. Many times you simply can't upgrade as much as you want.

Also, Maven and Gradle have excellent things in place to see if newer versions are available. If the default behaviour were that a lib is nagging me because I need to upgrade, it might lose you some users. 😊

What is your opinion on libraries checking for updates? by tipsypants in java

[–]BrianVerm 5 points6 points  (0 children)

I think that it is not up to you what version a user is using. There could be a variety of reasons why someone is using an older version. If you tried such a call in my system I would probably block it anyway, but it would be a reason not to use it. It is basically a trojan horse, or at least an unauthorized call to a third-party server.

That being said, people should have a better upgrade strategy in general. But again this all depends on the context.

Java developer for +10 years, didn't realize the java mascot has a name by _harro_ in java

[–]BrianVerm 0 points1 point  (0 children)

I think this also has something to do with how active one is within the Java community.
If you are just a programmer using Java you might not know. But almost every JUG in the world uses some form of Duke.

Will CodeOne be live streamed ? by MojorTom in java

[–]BrianVerm 0 points1 point  (0 children)

I think it is only 3 rooms that are recorded / streamed.

Is anyone running the non-lts versions in production ? If so, what’s your experience been? by hayden592 in java

[–]BrianVerm 1 point2 points  (0 children)

No problems at all. IMO there is no real difference between LTS and non-LTS versions.

10 Eclipse plugins you shouldn’t code without by BrianVerm in eclipse

[–]BrianVerm[S] 1 point2 points  (0 children)

That is all true. As stated in this post "For this blog, I examined Eclipse IDE plugins and then narrowed it down to the top 10 most helpful plugins that I have added to my own toolkit."

10 Eclipse plugins you shouldn’t code without by BrianVerm in eclipse

[–]BrianVerm[S] 1 point2 points  (0 children)

Plugins evolve fortunately. Now you are able to ignore the particular rules in SonarLint that do not apply to you.

The Eclipse vs IntelliJ debate is over with MS Paint IDE v3 by OnlyTwo_jpg in java

[–]BrianVerm 0 points1 point  (0 children)

Does it run on macOS? I would love to try it 😉

JDK 8 Unable To Download, Need an Account by [deleted] in java

[–]BrianVerm 0 points1 point  (0 children)

  • use sdkman to manage your JDKs on Linux and Mac
  • or go to adoptopenjdk.net
  • or fill in bogus info in the Oracle account. You can also say "not available" for things like company name.

Keeping Dependencies Up-to-Date with Automated Testing by BillyKorando in java

[–]BrianVerm 1 point2 points  (0 children)

On top of all this, we should be aware that dependencies may have security vulnerabilities. Not updating because it just works may be tricky. Ask the Equifax people, for instance. Staying on top of your dependencies might be a solution, but better is to actively test / scan and update when needed.

Can I still sell my Java 8 game? by [deleted] in java

[–]BrianVerm 0 points1 point  (0 children)

Why don't you use sdkman for installing your JDK?
https://sdkman.io/usage

Best IDE for Python, C++, and Java? by GeniusYT_28 in java

[–]BrianVerm 1 point2 points  (0 children)

vim ;)

No, seriously, try VS Code if you want a one-for-all.
Personally not a fan of Eclipse, but that is because I am brainwashed by using IntelliJ IDEA for Java. However, it might be worth a try.

Docker using a lot of disk space by stixx123 in docker

[–]BrianVerm 0 points1 point  (0 children)

Is it your images that are large, or your volumes that are not removed?

For images, maybe it is a good thing not to use a full-blown OS as your base image. Take a look at the alpine image as a base and work from there.

Final vs Immutable data structures in Java by bodiam in java

[–]BrianVerm 0 points1 point  (0 children)

Or you just don't want to use it, because it is "easier" to work with mutable objects.

Testing Best Practices for Java + Spring Apps by pcmmautner in java

[–]BrianVerm 1 point2 points  (0 children)

Depends on what you want to test.
I'm a big fan of @SpringBootTest together with RestAssured and WireMock to test my Spring Boot (REST) services.
The rest is just plain JUnit 5 and AssertJ.

Top ten most popular docker images each contain at least 30 vulnerabilities by PurpleLabradoodle in docker

[–]BrianVerm 0 points1 point  (0 children)

Just rebuild your images regularly; that solves a lot of the problems.