DevSecOps with OWASP DevSlop - Nancy Gariché & Tanya Janca
Update: 2019-07-05
Description
OWASP Global AppSec Tel Aviv
https://telaviv.appsecglobal.org/
The OWASP DevSlop team is dedicated to learning and teaching DevSecOps via examples, and “Patty the Pipeline” is no exception: we ensure all the third-party components are known-secure, retrieve secrets from a secret store, and require the code to pass negative unit tests, dynamic application security testing (DAST), static application security testing (SAST), and encryption and infrastructure VA verification. This entire system/project is open-sourced as part of the OWASP DevSlop project on GitHub and is available as live-streamed and recorded videos, so that developers can watch each of the lessons and add it to their own pipelines, giving them a head start on DevSecOps. The talk will consist mostly of a start-to-finish demo of each part of the pipeline. Tools showcased include SSL Labs, WhiteSource Bolt, Azure DevOps Security Toolkit and OWASP ZAP. Supporting videos available here: https://aka.ms/DevSlopSho
Nancy Gariché
Co-Founder, Secure That Cert!
In the early 2000s, this speaker joined the Canadian federal government as a computer science co-op student and never left. In 2009, he/she moved to Ottawa from Montreal, his/her beloved hometown, to land his/her first IT security job as a security analyst.
Tanya Janca
Senior Cloud Advocate, Microsoft
Tanya Janca is a senior cloud advocate for Microsoft, specializing in application and cloud security; evangelizing software security and advocating for developers and operations folks alike through public speaking, her open source project OWASP DevSlop, and various forms of teaching.
-
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP_Media_Project