OWASP NZ 22 - Building Your First DevSecOps Pipeline
- Published: 12 Aug 2022
- Abstract
I am sure all of you have heard about "Shift Left Security" in many presentations, but how do you actually achieve this? Well, this is the talk for you - where I'll cover all the DevSecOps buzzwords and showcase a functional DevSecOps pipeline that can perform security testing such as SCA, SAST, and DAST.
Description
In this talk I'll cover how to build your first DevSecOps pipeline with Open Source tooling. I'll address various concepts and buzzwords related to DevSecOps to clear your doubts. I'll demonstrate a GitLab pipeline that has various open-source security tooling embedded to perform the following security tests against a vulnerable application:
- Secrets Detection (tools such as TruffleHog, etc.)
- Software Composition Analysis (SCA)
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
With this pipeline, our aim is to identify security issues as early as possible so that we can build "Secure by Default" products. This pipeline and demos will cover tools such as RetireJS, Safety, Bandit, TruffleHog, NMAP, SSLyze and ZAP.
Good video
🙏
great
Where can I find the YML files used here?
Thank you for sharing.
Can you share the slide?
720p video, poor screencast video'd into video, and no materials shared. 10/10
Hello, can you share the repo?
Please make a video on how to bypass any login in an Android APK. Thank you ☺️