April 28, 2015 Comments Off on Excellent article on laptop encryption
Did you know that you have very few privacy rights when you cross a border (into the US or anywhere else in the world, for that matter)? I blogged about the dangers of bringing a laptop through customs a while back. Naturally, it’s a good idea to remove any sensitive information from your laptop, especially when you’re traveling. For those situations that require you to keep important data on a computer that’s at risk of being inspected (or stolen), full-disk encryption can be a lifesaver.
Operating system vendors have been doing a great job at strengthening their products, so there’s really no excuse not to take advantage of encryption. Here’s a link to an excellent article from Micah Lee on The Intercept that explains how to do this on Windows, Mac, and Linux computers.
With step-by-step instructions, it’s one of the best written tutorials I’ve seen about this topic. It’s well worth your time to make the effort, but remember: don’t lose your password!
March 1, 2015 Comments Off on ServiceV – a superb service virtualization technology for the API and Agile era
I’ve been working with SoapUI since its earliest days, and I’m very excited about the direction that SmartBear is taking the Ready! API platform, which includes products such as SoapUI NG Pro, LoadUI NG Pro, Security, and ServiceV Pro.
At WiseClouds we deliver classes and supporting consulting services on all these exciting solutions, and we’re honored that SmartBear directly sells these courses to their clients. Many of our students go on to earn their SoapUI certification after attending these classes.
Mock services have long been one of the most useful features in SoapUI. Customers use mock services to quickly stand up virtual versions of the real services (SOAP and REST) that are in development. They can then construct their tests using these virtual services and then quickly switch over to the live services once they’re ready. Some of these enterprises have come up with really creative uses for mock services, including simulating middleware, third party APIs, telecom switches, and all sorts of other scenarios.
ServiceV represents a bold step forward for SmartBear, offering tremendous new functionality (such as assertions, datasources, and simulation for network latency and message buses – to name just a few) for creating virtual services, which are now known as Virts.
ServiceV is an idea whose time has come, for two primary reasons:
1. The rise of the API economy
It’s no secret that APIs are more essential than even before: it’s nearly impossible to go through your day without interacting with an API, whether or not you know it. They are the foundation of modern software, infrastructure, and the entire Internet. And APIs commonly invoke other APIs, which is an enormous increase in complexity.
This means that properly testing these assets is not an optional responsibility: it’s mandatory, and will continue to gain in importance. Failing to adequately test APIs can be disastrous – just read the news most days for the latest examples of outages, breakins, and other API failures.
ServiceV makes it easy to develop comprehensive tests that truly reflect the realities of the modern, API-based information-processing environment.
2. The advent of Agile delivery methodologies for software
Thanks to Agile techniques, software of all types – including APIs – is delivered much more frequently now. In many organizations, the quality assurance team is finding it nearly impossible to keep pace with the frenetic schedules driven by these practices.
ServiceV is a way for architects, developers, and operations staff to provide something for their quality assurance colleagues to use while the actual services are still being shaped and refined.
At WiseClouds, we’re so enthusiastic about what ServiceV represents that in addition to our current training and consulting solutions, we’ll be launching an exciting new Software as a Service offering that’s built upon ServiceV. If you’d like to learn more about that, be sure to subscribe to the blog and I’ll keep you posted.
June 10, 2014 § 1 Comment
I’m happy to announce the availability of on-demand training for SoapUI Pro, along with a comprehensive certification exam. This extensive, self-paced training course gives you all the tools you need to get the most from SoapUI Pro. After you’ve learned about SoapUI Pro’s far-reaching architecture, you’ll discover how to put SoapUI Pro’s features to work to build powerful unit, functional, and security tests.
The class is composed of 3 ½ hours of lectures along with dozens of straightforward, easy-to-understand examples and demonstrations. More than 150 questions will measure your comprehension of the materials, and thus prepare you for the optional SoapUI Pro certification exam.
Here’s a link to the class syllabus; below is a small class sample.
If you’d like to learn more and register, click here.
October 1, 2013 Comments Off on Big Data security and privacy risk podcast
I recently participated in a podcast sponsored by Edward Haletky at The Virtualization Practice.
My co-panelists (Edward, Iben Rodriguez @iben, Mike Foley @mikefoley) and I discussed many aspects of the inherent security and privacy risks that enterprises and the general public alike are encountering with Big Data. You can find a recording of the podcast here.
August 4, 2013 Comments Off on Introducing a half-day Big Data security training class
Beginning on September 20, I’ll be teaching a half-day Big Data security Webinar. These classes will take place once a month, and will cover the following topics:
Big Data information categories
- Document store
Big Data security requirements
- Legal and regulatory
- Internal guidelines
- Industry standards
- User access
Big Data security risks
- Meta data
- Distributed processing (e.g. MapReduce, Hadoop, and Cassandra)
- Overt attacks
- Covert attacks
Best practices for securing Big Data
- Setting realistic security goals
- Reducing surface area for attacks
- Protecting physical assets
- Safeguarding the network
- Encrypting data
- Data obfuscation via tokenization and masking
- Retiring data
To allow for maximum student interaction, classes will be limited to 10 people. You can register here
May 9, 2013 Comments Off on Data never really disappears, particularly when it’s supposed to
If you have a teenage son or daughter, you may be familiar with an app called ‘Snapchat’. Its claim to fame – that is, until earlier today – is that it deletes all messages (text, photo, or otherwise) within a few seconds, thus keeping sensitive information safe from the prying eyes of parents, police, marketers, and all sorts of other nefarious characters.
But lo and behold, as it turns out, Snapchat actually doesn’t delete the data after all. Instead, it’s simply moved to a hidden directory, where with proper time and tooling, it can be recovered. You can read all about it here.
Whether or not you’re prone to sharing too much information, the takeaway from this little debacle is that data never really goes away, especially once a smartphone gets involved – not to mention the cloud. Keep that in mind the next time you’re tempted to use technology to record, say, or write something that you don’t want anyone else to see or hear.