AWS Config automated remediation

Frederique Retsema

It is possible in AWS to check whether your environment is compliant with your minimum standards. It is also possible to automatically change the environment to make it compliant again. Maybe not in a way that was designed by the developer – but compliant anyhow. Let me give an […]

Jenkins Pipeline: SonarQube and the OWASP Dependency-Check

Maarten Smeets

The OWASP Foundation plays an important role in helping to improve the security of software worldwide. They have created a popular and well-known awareness document called the ‘OWASP Top 10’. This document lists the following risk: using components with known vulnerabilities. Software nowadays can be quite complex, consisting of many direct and […]

Surprisingly easy: Anchore Engine for container vulnerability scanning in a Jenkins pipeline running on Kubernetes

Maarten Smeets

Anchore Engine is a popular open source tool for container image inspection and vulnerability scanning. It is easily integrated in a Kubernetes environment as an admission controller or in a Jenkins build pipeline using a plugin. A while ago I took a look at Anchore Engine and created a small introductory presentation and Katacoda scenario for […]

Secure browsing using a local SOCKS proxy server (on desktop or mobile) and an always free OCI compute instance as SSH server

Maarten Smeets

Oracle provides several services as ‘always free’. In contrast to Azure and Amazon, these include compute instances which remain ‘forever’ free to use. Although there are some limitations on CPU, disk and network resources, these instances are ideal to use as a remote SSH server and, with a little effort, a […]

Securing Oracle Service Bus REST services with OAuth2 client credentials flow (without using additional products)

Maarten Smeets

OAuth2 is a popular authentication framework. As a service provider it is thus common to provide support for OAuth2. How can you do this on a plain WebLogic Server / Service Bus without having to install additional products (and possibly have to pay for licenses)? If you just want to […]

OpenSSL example commands

Ronnie Kalisingh

“OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used in internet web servers, serving a majority of all web sites. OpenSSL contains an open-source implementation of the SSL and […]

Oracle 12c STIG Password Generator in PL/SQL

Harry Dragstra

Creating or modifying an Oracle Database user password can be done by using any standard password generator you can find on the web. But I wanted a password that complies with “ora12c_strong_verify_function”, and this isn’t as easy to generate as you might expect. Though most generators provide options to include […]