DevSecOps
Number of Posts: 42
Secure DevOps | May 28, 2021
How to Build Dynamic Dashboards: An Introduction
Create a dynamic dashboard by accessing HCL Compass data through the Node-RED integration layer!
Secure DevOps | April 29, 2021
Getting Compass Single Sign-On Working with Okta
We have a simplified way to set up your Okta service and we're sharing tips to help! But what does this mean for Compass?
Secure DevOps | April 28, 2021
Choosing a Software Configuration System Part 3
Explore the characteristics of development projects to consider when choosing a Software Configuration Management system.
Secure DevOps | March 22, 2021
Presenting a New Look for HCL AppScan on Cloud
The AppScan on Cloud web experience has several great improvements that not only bring a clean, consistent interface across different areas of the service but, more importantly, provide better visibility, ease of use and new developer-centric advisories with sample code to remediate.
Secure DevOps | February 5, 2021
Protecting HCL Compass from Brute-force attacks
HCL Compass allows the administrator to protect Compass database repositories from brute-force attacks (see the official documentation). It limits the number of invalid login attempts an attacker posing as a user can make before being locked out, and also limits login attempts from a given host connecting to HCL Compass.

An attacker trying to determine a particular user's password might make many login attempts with different username and password combinations until one works. As a defence against such attacks, HCL Compass can lock out the account or host used by the attacker when a certain number of failed attempts have occurred. When an account or a host is locked out, the login error message is the same as if the attacker had entered an incorrect username and password. This prevents the attacker from knowing that the account has been locked out, causing them to waste resources on a continued, fruitless attack, and severely limits their chances of guessing the password.

Steps to protect the credential

HCL Compass enables credential protection in just two simple steps.

The first step is to create a “.config” file with the data below. In this example we create the config file with the name “SecureCredential.config”. The file can be created in any location; here it is placed in the HCL Compass default installation location, which is “C:\Program Files\HCL\CCM\Compass”.

    # Comments are preceded by '#' and are ignored.
    # This enables lockouts
    lockout_enable 1

    # Host lockout configuration
    # This sets the HOST lockout threshold to 10 tries
    lockout_threshold HOST 10
    # This sets the HOST reset period to 60 seconds.
    lockout_reset HOST 60

    # User lockout configuration
    # This sets the USER lockout threshold to 10 tries
    lockout_threshold USER 10
    # This sets the USER reset period to 60 seconds.
    lockout_reset USER 60

    # Whitelist / blacklists
    lockout_whitelist HOST whitelisthost
    lockout_whitelist USER whitelistuser1, whitelistuser
    lockout_blacklist HOST blacklisthost3
    lockout_blacklist USER bl_user1
    lockout_blacklist USER bl_user2,bl_user3

    # Login attempt table cleanup
    # This says to cleanup any failed login attempts older
    # than one day (60s/m * 60m/hr * 24hr/day), and only
    # in...
Secure DevOps | February 1, 2021
HCL OneTest Version 10.1.2 Features New Updates for OneTest Performance
HCL OneTest version 10.1.2 is now available. While it is predominantly a fix pack, our team has included some exciting new capabilities in this release. For OneTest Performance users, 10.1.2 provides the following updates:

- Brotli support: decompress and work with data from services that implement the Brotli encoding mechanism.
- Dataset access from custom code: testers can now manipulate dataset values from custom code steps and read/write back values from/to datasets.
- 64-bit SAP support: you are no longer restricted to using the 32-bit version of OneTest Performance in order to work with SAP GUI based applications.
- Reports enhancements that allow for custom percentile counters.
- Reports enhancements to support exporting result data to JSON format.
- Reports enhancements supporting publication of large performance reports to OneTest Server.

Take a deep dive on what’s new with OneTest Performance here. Or watch the on-demand webinar discussing the latest release.