Life Beyond Spreadsheets: Using DefectDojo to Automate Vulnerability Management at Trade Me

Presented at Canterbury Hacker Camp (2022), Nov. 25, 2022, 3:20 p.m. (Unknown duration).

After years of sending many and varied vulnerability reports to different organisations, Josh switched sides to join the Blue Team at Trade Me and suddenly had to deal with the other side of the equation, figuring out how best to triage all of the various sources of vulnerability/security reporting and get that information to the right teams. Enter DefectDojo, an OWASP product which Trade Me is now using to aggregate security information and manage vulnerability lifecycles. This talk will go into the lessons learned while wiring this up and highlight how Trade Me is using this tool to make vulnerability management more manageable.

Presenters:

• Josh Brodie - Trade Me
  Josh is a former pentester now on the blue team at Trade Me. After yeeting countless pentest reports into the void, he is now the personification of the "Me Sowing vs. Me Reaping" meme as he has to wrangle security information, alerts and reports into something the organisation can practically use.

Links:

• https://2022.chcon.nz/speakers/josh/

Similar Presentations:

• ShellCon 2018 / How NOT to suck at Vulnerability Management
• Blue Team Con 2022 / From the Ground Up: Lessons Learned from Starting a Vulnerability Management Team
• BSidesLV 2023 / Towards Effective & Scalable Vulnerability Management