Save 40% on Coursera Plus Annual

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Creating an AppSec Pipeline With Containers in a Week - How We Failed and Succeeded

OWASP Foundation via YouTube

Start learning Write review
Udacity Ad

Get 50% Off Udacity Nanodegrees — Code CC50

Learn More → University of the People Ad

Earn Your CS Degree, Tuition-Free, 100% Online!

Learn More →

Overview

Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore the journey of setting up an AppSec pipeline using Docker containers in this 25-minute conference talk from AppSec EU 2017. Discover the challenges faced, solutions implemented, and lessons learned in creating a secure application development workflow. Learn how to combat false positives, leverage existing security products effectively, and minimize disruption to development teams. Gain insights into extending build steps, integrating tools like ZAP and BURP, implementing DAST and reporting, containerizing the process, and addressing issues such as legacy APIs and false negatives. Understand the importance of platform team availability and how to balance security measures with developer productivity.

Syllabus

Intro
About me
The Challenge: The landscape
The Challenge: Existing workflow
The Challenge: New entries
The Solution: Extend build step
The Solution: Feeding ZAP & BURP
The Solution: DAST & reporting
The Solution: Clair
The solution: Containerize!
The solution: a starting point
The Solution: Did it work?
False positives
Legacy APIs
Not frustrate developers
Integrating Burpproxy
False negatives....
Platform team availability
Recap

Taught by

OWASP Foundation

Reviews

Start your review of Creating an AppSec Pipeline With Containers in a Week - How We Failed and Succeeded

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.