OWASP SEASIDES 2019
OWASP SEASIDES 2019
OWASP SEASIDES 2019
OWASP SEASIDES 2019
About OWASP Seasides
Call for Papers (CFP)
Call for Tools (CFT)
Venue Details
Schedule
Conference at a glance (Schedule)
Diversity Partner
Scholarship Opportunities
Photo Gallery
OWASP Seasides
Sponsors
Supporters
Speakers
Our Team
Social Media
Get in Touch
CODE OF CONDUCT
Events
Blockchain Village
Machine learning 101 for Cyber Security
Mobile App Security
Women Only - Web Application Security
CMD+CTRL Code/Web App Review Challenge
CTF Bootcamp/Training
A story of protecting critical web applications using OWASP Top 10
Bug Hunter's Methodology
Building your first AppSec pipeline with all bells and whistles
Reversing and Exploitation of Vehicle (CAR Hacking)
Soldering Village
Red Team Village
Tools Showcase
Day 1: 27 Feb 2019
Day 2: 28 Feb 2019
EVENING TALKS
27th February
28th February
Powered by GitBook

Building your first AppSec pipeline with all bells and whistles

28th February 09:00 AM - 6:00 PM IST

Abstract of the workshop:

In this workshop we will learn and get a good understanding how to set up security test automation into your CI/CD pipelines.

Most customers in need for security test automation all utilise different CI tools that fit their needs. Getting your security tools in these CI environments makes you fully dependent on the plugins the CI environment provides. Now, imagine a world where we could configure our security tools once and use this as a blueprint over all the CI tools?

Docker helps security engineers to weaponise the customers CI/CD pipe-lines in a heartbeat with hard to configure security tools. Delivering the entire security test automation and vulnerability management solution a scripted manner that roles out in the blink of an eye!

After we have the basic set-up configured correctly we can start collecting the right tooling to get the job done. There are a lot of things we should take into consideration if we want to cover the entire attack surface. How to secure the application host, containers, manage secrets, and implement static/dynamic analysis tools. Even more importantly, how to ultimately manage all the vulnerabilities in an effective way where we can do delta reporting and false positive suppression to make everything more maintainable?

Trough pain and lessons learned we want to share our experiences in the form of a workshop to give handles and guides to get security automation started in your company!

Why:This workshop aims at helping developers to improve their security skill: when you go devops style, you need to onboard security as well. However, you don’t want to have huge manual quality gates: instead you need to automate! This workshop will help developers understanding the basics and various levels of security checks involved in an AppSec pipeline

About the Trainers

Trainer 1: Glenn ten Cate as a coder, hacker, speaker, trainer and security researcher Glenn has over 10 years experience in the field of security. One of the founders of defensive development [defdev] a security trainings series dedicated to helping you build and maintain secure software and also speaking at multiple other security conferences in the world. His goal is to create an open-source software development life cycle with the tools and knowledge gathered over the years.

Trainer 2: Riccardo ten Cate as a penetration tester from the Netherlands Riccardo specialises in application security and has extensive knowledge in securing applications in multiple coding languages. Riccardo has many years of experience in training and guiding development teams becoming more mature and making their applications secure by design. Not only does Riccardo train developers, he and his brother Glenn also donated an entire knowledge framework solely dedicated to help developers make their code secure by design to OWASP. See: SKF (Security knowledge framework) .

Riccardo also has expertise on implementing security test automation in CI/CD pipelines. This helps create short feedback loops back to the developer and prevents bugs from getting into production into an early phase of the development lifecycle.

*Note: Registration details will be shared with Trainers and Sponsors

The registration is closed. However, all the events and workshops are on first come first serve basis. Please reach the venue early to grab your spot.

Events - Previous
Bug Hunter's Methodology
Next - Events
Reversing and Exploitation of Vehicle (CAR Hacking)
Last updated 10 months ago