The OWASP DevSlop team are back with "Patty", a new module of the project: a DevSecOps pipeline built with Azure DevOps Pipelines. The pipeline passes negative unit tests, ensures all third-party components are known-secure (WhiteSource Bolt), performs dynamic code analysis (OWASP ZAP), retrieves secrets from a secret store (Key Vault), and releases into Azure. The entire system is open-sourced as part of the project and presented as live-streamed and recorded videos, so that developers can watch each of the lessons, add it to their own pipelines, and get a head start on DevSecOps. The talk will consist mostly of a start-to-finish demo of the system, finishing with the DevSlop team releasing their own website live, on stage, using the pipeline. Tools showcased include SSL Labs, WhiteSource Bolt and OWASP ZAP.
For many people 'the cloud' and DevSecOps can be a bit mysterious. Let's clear this up with a nice, long, slow demo of how to load up an app in your editor, make a change, run it through your pipeline (and pass the security checks!), then publish it into the cloud. One step at a time.