Making Vulnerability Management Less Painful with OWASP DefectDojo

Presented at AppSec USA 2017, Sept. 21, 2017, 1:30 p.m. (45 minutes).

DefectDojo was created in 2013 when one security engineer at Rackspace stupidly opened his mouth in front of his leadership team. Vulnerability management is traditionally tedious, time consuming, and mentally draining. DefectDojo attempts to streamline vulnerability management with automation centered around templating, report generation, metrics, scanner consolidation, and baseline self-service tools. DefectDojo is currently used by multiple large enterprises and has core contributors from five different companies. It has made several engineers' lives much easier, and it can help you too. Got a ton of findings to consolidate and report on? DefectDojo has you covered. Need to have a dashboard of your team's work? DefectDojo has you covered. Tired of boilerplate report generation? DefectDojo does that for you. Come check out how to make vulnerability management less painful and speed up your appsec program in this talk with demo.


Presenters:

  • Greg Anderson - Senior Security Engineer - Pearson
    Greg Anderson is a security professional with diverse experience ranging from vulnerability assessments to intrusion detection and root cause analysis. Greg's recent work has focused on advanced security automation to get the most out of application security programs. Greg's previous work, which was featured at DEFCON, focused on unconventional attack vectors and how to maximize their impact while avoiding detection. Greg is the creator of DefectDojo and was a Chapter Leader of OWASP San Antonio for two years. Feel free to chat Greg up about anything and everything.

Links:

Similar Presentations: